Graphics security with synergistic encryption, content-based and resource management technology

ABSTRACT

Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of priority to U.S. Provisional Patent Application No. 63/108,691 filed on Nov. 2, 2020.

TECHNICAL FIELD

This disclosure relates generally to data processing and more particularly to data processing via a general-purpose graphics processing unit (GPU).

BACKGROUND

Current parallel graphics data processing includes systems and methods developed to perform specific operations on graphics data such as, for example, linear interpolation, tessellation, rasterization, texture mapping, depth testing, etc. Traditionally, graphics processors used fixed function computational units to process graphics data; however, more recently, portions of graphics processors have been made programmable, enabling such processors to support a wider variety of operations for processing vertex and fragment data.

To further increase performance, graphics processors typically implement processing techniques such as pipelining that attempt to process, in parallel, as much graphics data as possible throughout the different parts of the graphics pipeline. Parallel graphics processors with single instruction, multiple thread (SIMT) architectures are designed to maximize the amount of parallel processing in the graphics pipeline. In an SIMT architecture, groups of parallel threads attempt to execute program instructions synchronously together as often as possible to increase processing efficiency. A general overview of software and hardware for SIMT architectures can be found in Shane Cook, CUDA Programming Chapter 3, pages 37-51 (2013).

BRIEF DESCRIPTION OF THE DRAWINGS

The various advantages of the embodiments will become apparent to one skilled in the art by reading the following specification and appended claims, and by referencing the following drawings, in which:

FIG. 1 is a block diagram illustrating a computer system configured to implement one or more aspects of the embodiments described herein;

FIGS. 2A-2D illustrate parallel processor components;

FIGS. 3A-3C are block diagrams of graphics multiprocessors and multiprocessor-based GPUs;

FIGS. 4A-4F illustrate an exemplary architecture in which a plurality of GPUs is communicatively coupled to a plurality of multi-core processors;

FIG. 5 illustrates a graphics processing pipeline;

FIGS. 6A and 6B illustrate a process of an example of a granular, lane-specific encryption and decryption process according to an embodiment;

FIG. 6C is a block diagram of a SIMD architecture according to an embodiment;

FIG. 6D is a flowchart of an example of a method of granular encryption and decryption according to an embodiment;

FIG. 6E is a flowchart of an example of a method of processing read requests according to an embodiment;

FIG. 6F is a process of an example of an encryption and storage process according to an embodiment;

FIG. 6G is a block diagram of a performance-enhanced computing architecture according to an embodiment;

FIG. 6H is a block diagram of an entry according to an embodiment;

FIG. 6I is a flowchart of an example of a method of entering data into a ledger according to an embodiment;

FIG. 7A is an exemplary architecture in which a converged cryptographic engine executes encryption and decryption according to an embodiment;

FIG. 7B is a flowchart of an example of a method of encrypting data and decrypting data according to various trust domains according to an embodiment;

FIG. 7C is a flowchart of an example of a method of a granular encryption scheme according to various trust domains according to an embodiment;

FIG. 7D is a flowchart of an example of a method of encrypting data from a same accelerator and/or CPU with different keys according to an embodiment;

FIG. 7E is a process of an example of a granular encryption process according to an embodiment;

FIG. 7F is a flowchart of an example of a method of decrypting data with a GPU according to an embodiment;

FIG. 7G is a process of an example of an encryption and decryption process according to an embodiment;

FIG. 7H is a process of an example of cryptographic cache with a cryptographic diffusion and confusion according to an embodiment;

FIG. 7I is a diagram of an example of a resources diagram according to an embodiment;

FIG. 8A is a block diagram of an example of a tenant-based processing environment according to an embodiment;

FIG. 8B is a block diagram of an example of a graphics processing unit architecture according to an embodiment;

FIG. 8C is a process of an example of securing trust between a tenant and a graphics processing unit according to an embodiment;

FIG. 8D is a flowchart of an example of a method of securely attesting according to an embodiment;

FIG. 9A is a block diagram of an example of a software-accelerated, confidential, security enhanced computing architecture according to an embodiment;

FIG. 9B is a block diagram of an example of hardware-accelerated, confidential security enhanced computing architecture according to an embodiment;

FIG. 9C is a flowchart of an example of a method of securely transferring data from a guest OS according to an embodiment;

FIG. 9D is a flowchart of an example of a method of securely handling data according to an embodiment;

FIG. 9E is a block diagram of an example of an encryption conversion scheme with a paging process according to an embodiment;

FIG. 9F is a flowchart of an example of a method of handling paging operations securely according to an embodiment;

FIG. 9G is a flowchart of an example of a method of paging data according to an embodiment;

FIG. 10 is a block diagram of an example of a processing system according to an embodiment;

FIGS. 11A-11D are block diagrams of examples of computing systems and graphics processors according to embodiments;

FIGS. 12A-12C are block diagrams of examples of additional graphics processor and compute accelerator architectures according to embodiments;

FIG. 13 is a block diagram of an example of a graphics processing engine of a graphics processor according to an embodiment;

FIGS. 14A-14B is a block diagram of an example of thread execution logic of a graphics processor core according to an embodiment;

FIG. 15 illustrates an example of an additional execution unit according to an embodiment;

FIG. 16 is a block diagram illustrating an example of a graphics processor instruction formats according to an embodiment;

FIG. 17 is a block diagram of another example of a graphics processor according to an embodiment;

FIG. 18A is a block diagram illustrating an example of a graphics processor command format according to an embodiment;

FIG. 18B is a block diagram illustrating an example of a graphics processor command sequence according to an embodiment;

FIG. 19 illustrates an example graphics software architecture for a data processing system according to an embodiment;

FIG. 20A is a block diagram illustrating an example of an IP core development system according to an embodiment;

FIG. 20B illustrates an example of a cross-section side view of an integrated circuit package assembly according to an embodiment;

FIGS. 20C-20D illustrates examples of package assemblies according to an embodiment;

FIG. 21 is a block diagram illustrating an example of a system on a chip integrated circuit according to an embodiment; and

FIGS. 22A-22B are block diagrams illustrating exemplary graphics processors for use within an SoC, according to embodiments.

DESCRIPTION OF EMBODIMENTS

A graphics processing unit (GPU) is communicatively coupled to host/processor cores to accelerate, for example, graphics operations, machine-learning operations, pattern analysis operations, and/or various general-purpose GPU (GPGPU) functions. The GPU may be communicatively coupled to the host processor/cores over a bus or another interconnect (e.g., a high-speed interconnect such as PCIe or NVLink). Alternatively, the GPU may be integrated on the same package or chip as the cores and communicatively coupled to the cores over an internal processor bus/interconnect (i.e., internal to the package or chip). Regardless of the manner in which the GPU is connected, the processor cores may allocate work to the GPU in the form of sequences of commands/instructions contained in a work descriptor. The GPU then uses dedicated circuitry/logic for efficiently processing these commands/instructions.

In the following description, numerous specific details are set forth to provide a more thorough understanding. However, it will be apparent to one of skill in the art that the embodiments described herein may be practiced without one or more of these specific details. In other instances, well-known features have not been described to avoid obscuring the details of the present embodiments.

System Overview

FIG. 1 is a block diagram illustrating a computing system 100 configured to implement one or more aspects of the embodiments described herein. The computing system 100 includes a processing subsystem 101 having one or more processor(s) 102 and a system memory 104 communicating via an interconnection path that may include a memory hub 105. The memory hub 105 may be a separate component within a chipset component or may be integrated within the one or more processor(s) 102. The memory hub 105 couples with an I/O subsystem 111 via a communication link 106. The I/O subsystem 111 includes an I/O hub 107 that can enable the computing system 100 to receive input from one or more input device(s) 108. Additionally, the I/O hub 107 can enable a display controller, which may be included in the one or more processor(s) 102, to provide outputs to one or more display device(s) 110A. In one embodiment the one or more display device(s) 110A coupled with the I/O hub 107 can include a local, internal, or embedded display device.

The processing subsystem 101, for example, includes one or more parallel processor(s) 112 coupled to memory hub 105 via a bus or other communication link 113. The communication link 113 may be one of any number of standards-based communication link technologies or protocols, such as, but not limited to PCI Express, or may be a vendor specific communications interface or communications fabric. The one or more parallel processor(s) 112 may form a computationally focused parallel or vector processing system that can include a large number of processing cores and/or processing clusters, such as a many integrated core (MIC) processor. For example, the one or more parallel processor(s) 112 form a graphics processing subsystem that can output pixels to one of the one or more display device(s) 110A coupled via the I/O Hub 107. The one or more parallel processor(s) 112 can also include a display controller and display interface (not shown) to enable a direct connection to one or more display device(s) 110B.

Within the I/O subsystem 111, a system storage unit 114 can connect to the I/O hub 107 to provide a storage mechanism for the computing system 100. An I/O switch 116 can be used to provide an interface mechanism to enable connections between the I/O hub 107 and other components, such as a network adapter 118 and/or wireless network adapter 119 that may be integrated into the platform, and various other devices that can be added via one or more add-in device(s) 120. The add-in device(s) 120 may also include, for example, one or more external graphics processor devices and/or compute accelerators. The network adapter 118 can be an Ethernet adapter or another wired network adapter. The wireless network adapter 119 can include one or more of a Wi-Fi, Bluetooth, near field communication (NFC), or other network device that includes one or more wireless radios.

The computing system 100 can include other components not explicitly shown, including USB or other port connections, optical storage drives, video capture devices, and the like, may also be connected to the I/O hub 107. Communication paths interconnecting the various components in FIG. 1 may be implemented using any suitable protocols, such as PCI (Peripheral Component Interconnect) based protocols (e.g., PCI-Express), or any other bus or point-to-point communication interfaces and/or protocol(s), such as the NVLink high-speed interconnect, or interconnect protocols known in the art.

The one or more parallel processor(s) 112 may incorporate circuitry optimized for graphics and video processing, including, for example, video output circuitry, and constitutes a graphics processing unit (GPU). Alternatively or additionally, the one or more parallel processor(s) 112 can incorporate circuitry optimized for general purpose processing, while preserving the underlying computational architecture, described in greater detail herein. Components of the computing system 100 may be integrated with one or more other system elements on a single integrated circuit. For example, the one or more parallel processor(s) 112, memory hub 105, processor(s) 102, and I/O hub 107 can be integrated into a system on chip (SoC) integrated circuit. Alternatively, the components of the computing system 100 can be integrated into a single package to form a system in package (SIP) configuration. In one embodiment at least a portion of the components of the computing system 100 can be integrated into a multi-chip module (MCM), which can be interconnected with other multi-chip modules into a modular computing system.

It will be appreciated that the computing system 100 shown herein is illustrative and that variations and modifications are possible. The connection topology, including the number and arrangement of bridges, the number of processor(s) 102, and the number of parallel processor(s) 112, may be modified as desired. For instance, system memory 104 can be connected to the processor(s) 102 directly rather than through a bridge, while other devices communicate with system memory 104 via the memory hub 105 and the processor(s) 102. In other alternative topologies, the parallel processor(s) 112 are connected to the I/O hub 107 or directly to one of the one or more processor(s) 102, rather than to the memory hub 105. In other embodiments, the I/O hub 107 and memory hub 105 may be integrated into a single chip. It is also possible that two or more sets of processor(s) 102 are attached via multiple sockets, which can couple with two or more instances of the parallel processor(s) 112.

Some of the particular components shown herein are optional and may not be included in all implementations of the computing system 100. For example, any number of add-in cards or peripherals may be supported, or some components may be eliminated. Furthermore, some architectures may use different terminology for components similar to those illustrated in FIG. 1. For example, the memory hub 105 may be referred to as a Northbridge in some architectures, while the I/O hub 107 may be referred to as a Southbridge.

FIG. 2A illustrates a parallel processor 200. The parallel processor 200 may be a GPU, GPGPU or the like as described herein. The various components of the parallel processor 200 may be implemented using one or more integrated circuit devices, such as programmable processors, application specific integrated circuits (ASICs), or field programmable gate arrays (FPGA). The illustrated parallel processor 200 may be the, or one of the parallel processor(s) 112 shown in FIG. 1.

The parallel processor 200 includes a parallel processing unit 202. The parallel processing unit includes an I/O unit 204 that enables communication with other devices, including other instances of the parallel processing unit 202. The I/O unit 204 may be directly connected to other devices. For instance, the I/O unit 204 connects with other devices via the use of a hub or switch interface, such as memory hub 105. The connections between the memory hub 105 and the I/O unit 204 form a communication link 113. Within the parallel processing unit 202, the I/O unit 204 connects with a host interface 206 and a memory crossbar 216, where the host interface 206 receives commands directed to performing processing operations and the memory crossbar 216 receives commands directed to performing memory operations.

When the host interface 206 receives a command buffer via the I/O unit 204, the host interface 206 can direct work operations to perform those commands to a front end 208. In one embodiment the front end 208 couples with a scheduler 210, which is configured to distribute commands or other work items to a processing cluster array 212. The scheduler 210 ensures that the processing cluster array 212 is properly configured and in a valid state before tasks are distributed to the processing clusters of the processing cluster array 212. The scheduler 210 may be implemented via firmware logic executing on a microcontroller. The microcontroller implemented scheduler 210 is configurable to perform complex scheduling and work distribution operations at coarse and fine granularity, enabling rapid preemption and context switching of threads executing on the processing array 212. Preferably, the host software can prove workloads for scheduling on the processing array 212 via one of multiple graphics processing doorbells. The workloads can then be automatically distributed across the processing array 212 by the scheduler 210 logic within the scheduler microcontroller.

The processing cluster array 212 can include up to “N” processing clusters (e.g., cluster 214A, cluster 214B, through cluster 214N). Each cluster 214A-214N of the processing cluster array 212 can execute a large number of concurrent threads. The scheduler 210 can allocate work to the clusters 214A-214N of the processing cluster array 212 using various scheduling and/or work distribution algorithms, which may vary depending on the workload arising for each type of program or computation. The scheduling can be handled dynamically by the scheduler 210, or can be assisted in part by compiler logic during compilation of program logic configured for execution by the processing cluster array 212. Optionally, different clusters 214A-214N of the processing cluster array 212 can be allocated for processing different types of programs or for performing different types of computations.

The processing cluster array 212 can be configured to perform various types of parallel processing operations. For example, the cluster array 212 is configured to perform general-purpose parallel compute operations. For example, the processing cluster array 212 can include logic to execute processing tasks including filtering of video and/or audio data, performing modeling operations, including physics operations, and performing data transformations.

The processing cluster array 212 is configured to perform parallel graphics processing operations. In such embodiments in which the parallel processor 200 is configured to perform graphics processing operations, the processing cluster array 212 can include additional logic to support the execution of such graphics processing operations, including, but not limited to texture sampling logic to perform texture operations, as well as tessellation logic and other vertex processing logic. Additionally, the processing cluster array 212 can be configured to execute graphics processing related shader programs such as, but not limited to vertex shaders, tessellation shaders, geometry shaders, and pixel shaders. The parallel processing unit 202 can transfer data from system memory via the I/O unit 204 for processing. During processing the transferred data can be stored to on-chip memory (e.g., parallel processor memory 222) during processing, then written back to system memory.

In embodiments in which the parallel processing unit 202 is used to perform graphics processing, the scheduler 210 may be configured to divide the processing workload into approximately equal sized tasks, to better enable distribution of the graphics processing operations to multiple clusters 214A-214N of the processing cluster array 212. In some of these embodiments, portions of the processing cluster array 212 can be configured to perform different types of processing. For example a first portion may be configured to perform vertex shading and topology generation, a second portion may be configured to perform tessellation and geometry shading, and a third portion may be configured to perform pixel shading or other screen space operations, to produce a rendered image for display. Intermediate data produced by one or more of the clusters 214A-214N may be stored in buffers to allow the intermediate data to be transmitted between clusters 214A-214N for further processing.

During operation, the processing cluster array 212 can receive processing tasks to be executed via the scheduler 210, which receives commands defining processing tasks from front end 208. For graphics processing operations, processing tasks can include indices of data to be processed, e.g., surface (patch) data, primitive data, vertex data, and/or pixel data, as well as state parameters and commands defining how the data is to be processed (e.g., what program is to be executed). The scheduler 210 may be configured to fetch the indices corresponding to the tasks or may receive the indices from the front end 208. The front end 208 can be configured to ensure the processing cluster array 212 is configured to a valid state before the workload specified by incoming command buffers (e.g., batch-buffers, push buffers, etc.) is initiated.

Each of the one or more instances of the parallel processing unit 202 can couple with parallel processor memory 222. The parallel processor memory 222 can be accessed via the memory crossbar 216, which can receive memory requests from the processing cluster array 212 as well as the I/O unit 204. The memory crossbar 216 can access the parallel processor memory 222 via a memory interface 218. The memory interface 218 can include multiple partition units (e.g., partition unit 220A, partition unit 220B, through partition unit 220N) that can each couple to a portion (e.g., memory unit) of parallel processor memory 222. The number of partition units 220A-220N may be configured to be equal to the number of memory units, such that a first partition unit 220A has a corresponding first memory unit 224A, a second partition unit 220B has a corresponding memory unit 224B, and an Nth partition unit 220N has a corresponding Nth memory unit 224N. In other embodiments, the number of partition units 220A-220N may not be equal to the number of memory devices.

The memory units 224A-224N can include various types of memory devices, including dynamic random-access memory (DRAM) or graphics random access memory, such as synchronous graphics random access memory (SGRAM), including graphics double data rate (GDDR) memory. Optionally, the memory units 224A-224N may also include 3D stacked memory, including but not limited to high bandwidth memory (HBM). Persons skilled in the art will appreciate that the specific implementation of the memory units 224A-224N can vary, and can be selected from one of various conventional designs. Render targets, such as frame buffers or texture maps may be stored across the memory units 224A-224N, allowing partition units 220A-220N to write portions of each render target in parallel to efficiently use the available bandwidth of parallel processor memory 222. In some embodiments, a local instance of the parallel processor memory 222 may be excluded in favor of a unified memory design that utilizes system memory in conjunction with local cache memory.

Optionally, any one of the clusters 214A-214N of the processing cluster array 212 has the ability to process data that will be written to any of the memory units 224A-224N within parallel processor memory 222. The memory crossbar 216 can be configured to transfer the output of each cluster 214A-214N to any partition unit 220A-220N or to another cluster 214A-214N, which can perform additional processing operations on the output. Each cluster 214A-214N can communicate with the memory interface 218 through the memory crossbar 216 to read from or write to various external memory devices. In one of the embodiments with the memory crossbar 216 the memory crossbar 216 has a connection to the memory interface 218 to communicate with the I/O unit 204, as well as a connection to a local instance of the parallel processor memory 222, enabling the processing units within the different processing clusters 214A-214N to communicate with system memory or other memory that is not local to the parallel processing unit 202. Generally, the memory crossbar 216 may, for example, by able to use virtual channels to separate traffic streams between the clusters 214A-214N and the partition units 220A-220N.

While a single instance of the parallel processing unit 202 is illustrated within the parallel processor 200, any number of instances of the parallel processing unit 202 can be included. For example, multiple instances of the parallel processing unit 202 can be provided on a single add-in card, or multiple add-in cards can be interconnected. The different instances of the parallel processing unit 202 can be configured to inter-operate even if the different instances have different numbers of processing cores, different amounts of local parallel processor memory, and/or other configuration differences. Optionally, some instances of the parallel processing unit 202 can include higher precision floating point units relative to other instances. Systems incorporating one or more instances of the parallel processing unit 202 or the parallel processor 200 can be implemented in a variety of configurations and form factors, including but not limited to desktop, laptop, or handheld personal computers, servers, workstations, game consoles, and/or embedded systems.

FIG. 2B is a block diagram of a partition unit 220. The partition unit 220 may be an instance of one of the partition units 220A-220N of FIG. 2A. As illustrated, the partition unit 220 includes an L2 cache 221, a frame buffer interface 225, and a ROP 226 (raster operations unit). The L2 cache 221 is a read/write cache that is configured to perform load and store operations received from the memory crossbar 216 and ROP 226. Read misses and urgent write-back requests are output by L2 cache 221 to frame buffer interface 225 for processing. Updates can also be sent to the frame buffer via the frame buffer interface 225 for processing. In one embodiment the frame buffer interface 225 interfaces with one of the memory units in parallel processor memory, such as the memory units 224A-224N of FIG. 2A (e.g., within parallel processor memory 222). The partition unit 220 may additionally or alternatively also interface with one of the memory units in parallel processor memory via a memory controller (not shown).

In graphics applications, the ROP 226 is a processing unit that performs raster operations such as stencil, z test, blending, and the like. The ROP 226 then outputs processed graphics data that is stored in graphics memory. In some embodiments the ROP 226 includes compression logic to compress depth or color data that is written to memory and decompress depth or color data that is read from memory. The compression logic can be lossless compression logic that makes use of one or more of multiple compression algorithms. The type of compression that is performed by the ROP 226 can vary based on the statistical characteristics of the data to be compressed. For example, in one embodiment, delta color compression is performed on depth and color data on a per-tile basis.

The ROP 226 may be included within each processing cluster (e.g., cluster 214A-214N of FIG. 2A) instead of within the partition unit 220. In such embodiment, read and write requests for pixel data are transmitted over the memory crossbar 216 instead of pixel fragment data. The processed graphics data may be displayed on a display device, such as one of the one or more display device(s) 110 of FIG. 1, routed for further processing by the processor(s) 102, or routed for further processing by one of the processing entities within the parallel processor 200 of FIG. 2A.

FIG. 2C is a block diagram of a processing cluster 214 within a parallel processing unit. For example, the processing cluster is an instance of one of the processing clusters 214A-214N of FIG. 2A. The processing cluster 214 can be configured to execute many threads in parallel, where the term “thread” refers to an instance of a particular program executing on a particular set of input data. Optionally, single-instruction, multiple-data (SIMD) instruction issue techniques may be used to support parallel execution of a large number of threads without providing multiple independent instruction units. Alternatively, single-instruction, multiple-thread (SIMT) techniques may be used to support parallel execution of a large number of generally synchronized threads, using a common instruction unit configured to issue instructions to a set of processing engines within each one of the processing clusters. Unlike a SIND execution regime, where all processing engines typically execute identical instructions, SIMT execution allows different threads to more readily follow divergent execution paths through a given thread program. Persons skilled in the art will understand that a SIMD processing regime represents a functional subset of a SIMT processing regime. The processing cluster 214 may generally implement any of the embodiments described herein, such as, for example the process 600 (FIGS. 6A and 6B), method 670 (FIG. 6D), method 690 (FIG. 6E), the process 3300 (FIG. 6F) and/or be combined with the SIMD architecture 660 (FIG. 6C), already discussed.

Operation of the processing cluster 214 can be controlled via a pipeline manager 232 that distributes processing tasks to SIMT parallel processors. The pipeline manager 232 receives instructions from the scheduler 210 of FIG. 2A and manages execution of those instructions via a graphics multiprocessor 234 and/or a texture unit 236. The illustrated graphics multiprocessor 234 is an exemplary instance of a SIMT parallel processor. However, various types of SIMT parallel processors of differing architectures may be included within the processing cluster 214. One or more instances of the graphics multiprocessor 234 can be included within a processing cluster 214. The graphics multiprocessor 234 can process data and a data crossbar 240 can be used to distribute the processed data to one of multiple possible destinations, including other shader units. The pipeline manager 232 can facilitate the distribution of processed data by specifying destinations for processed data to be distributed via the data crossbar 240.

Each graphics multiprocessor 234 within the processing cluster 214 can include an identical set of functional execution logic (e.g., arithmetic logic units, load-store units, etc.). The functional execution logic can be configured in a pipelined manner in which new instructions can be issued before previous instructions are complete. The functional execution logic supports a variety of operations including integer and floating-point arithmetic, comparison operations, Boolean operations, bit-shifting, and computation of various algebraic functions. The same functional-unit hardware could be leveraged to perform different operations and any combination of functional units may be present.

The instructions transmitted to the processing cluster 214 constitutes a thread. A set of threads executing across the set of parallel processing engines is a thread group. A thread group executes the same program on different input data. Each thread within a thread group can be assigned to a different processing engine within a graphics multiprocessor 234. A thread group may include fewer threads than the number of processing engines within the graphics multiprocessor 234. When a thread group includes fewer threads than the number of processing engines, one or more of the processing engines may be idle during cycles in which that thread group is being processed. A thread group may also include more threads than the number of processing engines within the graphics multiprocessor 234. When the thread group includes more threads than the number of processing engines within the graphics multiprocessor 234, processing can be performed over consecutive clock cycles. Optionally, multiple thread groups can be executed concurrently on the graphics multiprocessor 234.

The graphics multiprocessor 234 may include an internal cache memory to perform load and store operations. Optionally, the graphics multiprocessor 234 can forego an internal cache and use a cache memory (e.g., L1 cache 248) within the processing cluster 214. Each graphics multiprocessor 234 also has access to L2 caches within the partition units (e.g., partition units 220A-220N of FIG. 2A) that are shared among all processing clusters 214 and may be used to transfer data between threads. The graphics multiprocessor 234 may also access off-chip global memory, which can include one or more of local parallel processor memory and/or system memory. Any memory external to the parallel processing unit 202 may be used as global memory. Embodiments in which the processing cluster 214 includes multiple instances of the graphics multiprocessor 234 can share common instructions and data, which may be stored in the L1 cache 248.

Each processing cluster 214 may include an MMU 245 (memory management unit) that is configured to map virtual addresses into physical addresses. In other embodiments, one or more instances of the MMU 245 may reside within the memory interface 218 of FIG. 2A. The MMU 245 includes a set of page table entries (PTEs) used to map a virtual address to a physical address of a tile and optionally a cache line index. The MMU 245 may include address translation lookaside buffers (TLB) or caches that may reside within the graphics multiprocessor 234 or the L1 cache or processing cluster 214. The physical address is processed to distribute surface data access locality to allow efficient request interleaving among partition units. The cache line index may be used to determine whether a request for a cache line is a hit or miss.

In graphics and computing applications, a processing cluster 214 may be configured such that each graphics multiprocessor 234 is coupled to a texture unit 236 for performing texture mapping operations, e.g., determining texture sample positions, reading texture data, and filtering the texture data. Texture data is read from an internal texture L1 cache (not shown) or in some embodiments from the L1 cache within graphics multiprocessor 234 and is fetched from an L2 cache, local parallel processor memory, or system memory, as needed. Each graphics multiprocessor 234 outputs processed tasks to the data crossbar 240 to provide the processed task to another processing cluster 214 for further processing or to store the processed task in an L2 cache, local parallel processor memory, or system memory via the memory crossbar 216. A preROP 242 (pre-raster operations unit) is configured to receive data from graphics multiprocessor 234, direct data to ROP units, which may be located with partition units as described herein (e.g., partition units 220A-220N of FIG. 2A). The preROP 242 unit can perform optimizations for color blending, organize pixel color data, and perform address translations.

It will be appreciated that the core architecture described herein is illustrative and that variations and modifications are possible. Any number of processing units, e.g., graphics multiprocessor 234, texture units 236, preROPs 242, etc., may be included within a processing cluster 214. Further, while only one processing cluster 214 is shown, a parallel processing unit as described herein may include any number of instances of the processing cluster 214. Optionally, each processing cluster 214 can be configured to operate independently of other processing clusters 214 using separate and distinct processing units, L 1 caches, etc.

FIG. 2D shows an example of the graphics multiprocessor 234 in which the graphics multiprocessor 234 couples with the pipeline manager 232 of the processing cluster 214. The graphics multiprocessor 234 has an execution pipeline including but not limited to an instruction cache 252, an instruction unit 254, an address mapping unit 256, a register file 258, one or more general purpose graphics processing unit (GPGPU) cores 262, and one or more load/store units 266. The GPGPU cores 262 and load/store units 266 are coupled with cache memory 272 and shared memory 270 via a memory and cache interconnect 268. The graphics multiprocessor 234 may additionally include tensor and/or ray-tracing cores 263 that include hardware logic to accelerate matrix and/or ray-tracing operations.

The instruction cache 252 may receive a stream of instructions to execute from the pipeline manager 232. The instructions are cached in the instruction cache 252 and dispatched for execution by the instruction unit 254. The instruction unit 254 can dispatch instructions as thread groups (e.g., warps), with each thread of the thread group assigned to a different execution unit within GPGPU core 262. An instruction can access any of a local, shared, or global address space by specifying an address within a unified address space. The address mapping unit 256 can be used to translate addresses in the unified address space into a distinct memory address that can be accessed by the load/store units 266.

The register file 258 provides a set of registers for the functional units of the graphics multiprocessor 234. The register file 258 provides temporary storage for operands connected to the data paths of the functional units (e.g., GPGPU cores 262, load/store units 266) of the graphics multiprocessor 234. The register file 258 may be divided between each of the functional units such that each functional unit is allocated a dedicated portion of the register file 258. For example, the register file 258 may be divided between the different warps being executed by the graphics multiprocessor 234.

The GPGPU cores 262 can each include floating point units (FPUs) and/or integer arithmetic logic units (ALUs) that are used to execute instructions of the graphics multiprocessor 234. In some implementations, the GPGPU cores 262 can include hardware logic that may otherwise reside within the tensor and/or ray-tracing cores 263. The GPGPU cores 262 can be similar in architecture or can differ in architecture. For example and in one embodiment, a first portion of the GPGPU cores 262 include a single precision FPU and an integer ALU while a second portion of the GPGPU cores include a double precision FPU. Optionally, the FPUs can implement the IEEE 754-2008 standard for floating point arithmetic or enable variable precision floating point arithmetic. The graphics multiprocessor 234 can additionally include one or more fixed function or special function units to perform specific functions such as copy rectangle or pixel blending operations. One or more of the GPGPU cores can also include fixed or special function logic.

The GPGPU cores 262 may include SIMD logic capable of performing a single instruction on multiple sets of data. Optionally, GPGPU cores 262 can physically execute SIMD8, and SIMD16 instructions and logically execute SIMD1, SIMD2, and SIMD32 instructions. The SIMD instructions for the GPGPU cores can be generated at compile time by a shader compiler or automatically generated when executing programs written and compiled for single program multiple data (SPMD) or SIMT architectures. Multiple threads of a program configured for the SIMT execution model can be executed via a single SIMD instruction. For example, and in one embodiment, eight SIMT threads that perform the same or similar operations can be executed in parallel via a single SIMD8 logic unit.

The memory and cache interconnect 268 is an interconnect network that connects each of the functional units of the graphics multiprocessor 234 to the register file 258 and to the shared memory 270. For example, the memory and cache interconnect 268 is a crossbar interconnect that allows the load/store unit 266 to implement load and store operations between the shared memory 270 and the register file 258. The register file 258 can operate at the same frequency as the GPGPU cores 262, thus data transfer between the GPGPU cores 262 and the register file 258 is very low latency. The shared memory 270 can be used to enable communication between threads that execute on the functional units within the graphics multiprocessor 234. The cache memory 272 can be used as a data cache for example, to cache texture data communicated between the functional units and the texture unit 236. The shared memory 270 can also be used as a program managed cached. Threads executing on the GPGPU cores 262 can programmatically store data within the shared memory in addition to the automatically cached data that is stored within the cache memory 272.

FIG. 3A-3C illustrate additional graphics multiprocessors, according to embodiments. FIG. 3A-3B illustrate graphics multiprocessors 325, 350, which are related to the graphics multiprocessor 234 of FIG. 2C and may be used in place of one of those. Therefore, the disclosure of any features in combination with the graphics multiprocessor 234 herein also discloses a corresponding combination with the graphics multiprocessor(s) 325, 350, but is not limited to such. FIG. 3C illustrates a graphics processing unit (GPU) 380 which includes dedicated sets of graphics processing resources arranged into multi-core groups 365A-365N, which correspond to the graphics multiprocessors 325, 350. The illustrated graphics multiprocessors 325, 350 and the multi-core groups 365A-365N can be streaming multiprocessors (SM) capable of simultaneous execution of a large number of execution threads.

The graphics multiprocessor 325 of FIG. 3A includes multiple additional instances of execution resource units relative to the graphics multiprocessor 234 of FIG. 2D. For example, the graphics multiprocessor 325 can include multiple instances of the instruction unit 332A-332B, register file 334A-334B, and texture unit(s) 344A-344B. The graphics multiprocessor 325 also includes multiple sets of graphics or compute execution units (e.g., GPGPU core 336A-336B, tensor core 337A-337B, ray-tracing core 338A-338B) and multiple sets of load/store units 340A-340B. The execution resource units have a common instruction cache 330, texture and/or data cache memory 342, and shared memory 346.

The various components can communicate via an interconnect fabric 327. The interconnect fabric 327 may include one or more crossbar switches to enable communication between the various components of the graphics multiprocessor 325. The interconnect fabric 327 may be a separate, high-speed network fabric layer upon which each component of the graphics multiprocessor 325 is stacked. The components of the graphics multiprocessor 325 communicate with remote components via the interconnect fabric 327. For example, the GPGPU cores 336A-336B, 337A-337B, and 3378A-338B can each communicate with shared memory 346 via the interconnect fabric 327. The interconnect fabric 327 can arbitrate communication within the graphics multiprocessor 325 to ensure a fair bandwidth allocation between components.

The graphics multiprocessor 350 of FIG. 3B includes multiple sets of execution resources 356A-356D, where each set of execution resource includes multiple instruction units, register files, GPGPU cores, and load store units, as illustrated in FIG. 2D and FIG. 3A. The execution resources 356A-356D can work in concert with texture unit(s) 360A-360D for texture operations, while sharing an instruction cache 354, and shared memory 353. For example, the execution resources 356A-356D can share an instruction cache 354 and shared memory 353, as well as multiple instances of a texture and/or data cache memory 358A-358B. The various components can communicate via an interconnect fabric 352 similar to the interconnect fabric 327 of FIG. 3A.

Persons skilled in the art will understand that the architecture described in FIG. 1, 2A-2D, and 3A-3B are descriptive and not limiting as to the scope of the present embodiments. Thus, the techniques described herein may be implemented on any properly configured processing unit, including, without limitation, one or more mobile application processors, one or more desktop or server central processing units (CPUs) including multi-core CPUs, one or more parallel processing units, such as the parallel processing unit 202 of FIG. 2A, as well as one or more graphics processors or special purpose processing units, without departure from the scope of the embodiments described herein.

The parallel processor or GPGPU as described herein may be communicatively coupled to host/processor cores to accelerate graphics operations, machine-learning operations, pattern analysis operations, and various general-purpose GPU (GPGPU) functions. The GPU may be communicatively coupled to the host processor/cores over a bus or other interconnect (e.g., a high-speed interconnect such as PCIe or NVLink). In other embodiments, the GPU may be integrated on the same package or chip as the cores and communicatively coupled to the cores over an internal processor bus/interconnect (i.e., internal to the package or chip). Regardless of the manner in which the GPU is connected, the processor cores may allocate work to the GPU in the form of sequences of commands/instructions contained in a work descriptor. The GPU then uses dedicated circuitry/logic for efficiently processing these commands/instructions.

FIG. 3C illustrates a graphics processing unit (GPU) 380 which includes dedicated sets of graphics processing resources arranged into multi-core groups 365A-365N. While the details of only a single multi-core group 365A are provided, it will be appreciated that the other multi-core groups 365B-365N may be equipped with the same or similar sets of graphics processing resources. Details described with respect to the multi-core groups 365A-365N may also apply to any graphics multiprocessor 234, 325, 350 described herein.

As illustrated, a multi-core group 365A may include a set of graphics cores 370, a set of tensor cores 371, and a set of ray tracing cores 372. A scheduler/dispatcher 368 schedules and dispatches the graphics threads for execution on the various cores 370, 371, 372. A set of register files 369 store operand values used by the cores 370, 371, 372 when executing the graphics threads. These may include, for example, integer registers for storing integer values, floating point registers for storing floating point values, vector registers for storing packed data elements (integer and/or floating-point data elements) and tile registers for storing tensor/matrix values. The tile registers may be implemented as combined sets of vector registers.

One or more combined level 1 (L1) caches and shared memory units 373 store graphics data such as texture data, vertex data, pixel data, ray data, bounding volume data, etc., locally within each multi-core group 365A. One or more texture units 374 can also be used to perform texturing operations, such as texture mapping and sampling. A Level 2 (L2) cache 375 shared by all or a subset of the multi-core groups 365A-365N stores graphics data and/or instructions for multiple concurrent graphics threads. As illustrated, the L2 cache 375 may be shared across a plurality of multi-core groups 365A-365N. One or more memory controllers 367 couple the GPU 380 to a memory 366 which may be a system memory (e.g., DRAM) and/or a dedicated graphics memory (e.g., GDDR6 memory).

Input/output (I/O) circuitry 363 couples the GPU 380 to one or more I/O devices 362 such as digital signal processors (DSPs), network controllers, or user input devices. An on-chip interconnect may be used to couple the I/O devices 362 to the GPU 380 and memory 366. One or more I/O memory management units (IOMMUs) 364 of the I/O circuitry 363 couple the I/O devices 362 directly to the system memory 366. Optionally, the IOMMU 364 manages multiple sets of page tables to map virtual addresses to physical addresses in system memory 366. The I/O devices 362, CPU(s) 361, and GPU(s) 380 may then share the same virtual address space.

In one implementation of the IOMMU 364, the IOMMU 364 supports virtualization. In this case, it may manage a first set of page tables to map guest/graphics virtual addresses to guest/graphics physical addresses and a second set of page tables to map the guest/graphics physical addresses to system/host physical addresses (e.g., within system memory 366). The base addresses of each of the first and second sets of page tables may be stored in control registers and swapped out on a context switch (e.g., so that the new context is provided with access to the relevant set of page tables). While not illustrated in FIG. 3C, each of the cores 370, 371, 372 and/or multi-core groups 365A-365N may include translation lookaside buffers (TLBs) to cache guest virtual to guest physical translations, guest physical to host physical translations, and guest virtual to host physical translations.

The CPUs 361, GPUs 380, and I/O devices 362 may be integrated on a single semiconductor chip and/or chip package. The illustrated memory 366 may be integrated on the same chip or may be coupled to the memory controllers 367 via an off-chip interface. In one implementation, the memory 366 comprises GDDR6 memory which shares the same virtual address space as other physical system-level memories, although the underlying principles described herein are not limited to this specific implementation.

The tensor cores 371 may include a plurality of execution units specifically designed to perform matrix operations, which are the fundamental compute operation used to perform deep learning operations. For example, simultaneous matrix multiplication operations may be used for neural network training and inferencing. The tensor cores 371 may perform matrix processing using a variety of operand precisions including single precision floating-point (e.g., 32 bits), half-precision floating point (e.g., 16 bits), integer words (16 bits), bytes (8 bits), and half-bytes (4 bits). For example, a neural network implementation extracts features of each rendered scene, potentially combining details from multiple frames, to construct a high-quality final image.

In deep learning implementations, parallel matrix multiplication work may be scheduled for execution on the tensor cores 371. The training of neural networks, in particular, requires a significant number matrix dot product operations. In order to process an inner-product formulation of an N×N×N matrix multiply, the tensor cores 371 may include at least N dot-product processing elements. Before the matrix multiply begins, one entire matrix is loaded into tile registers and at least one column of a second matrix is loaded each cycle for N cycles. Each cycle, there are N dot products that are processed.

Matrix elements may be stored at different precisions depending on the particular implementation, including 16-bit words, 8-bit bytes (e.g., INT8) and 4-bit half-bytes (e.g., INT4). Different precision modes may be specified for the tensor cores 371 to ensure that the most efficient precision is used for different workloads (e.g., such as inferencing workloads which can tolerate quantization to bytes and half-bytes).

The ray tracing cores 372 may accelerate ray tracing operations for both real-time ray tracing and non-real-time ray tracing implementations. In particular, the ray tracing cores 372 may include ray traversal/intersection circuitry for performing ray traversal using bounding volume hierarchies (BVHs) and identifying intersections between rays and primitives enclosed within the BVH volumes. The ray tracing cores 372 may also include circuitry for performing depth testing and culling (e.g., using a Z buffer or similar arrangement). In one implementation, the ray tracing cores 372 perform traversal and intersection operations in concert with the image denoising techniques described herein, at least a portion of which may be executed on the tensor cores 371. For example, the tensor cores 371 may implement a deep learning neural network to perform denoising of frames generated by the ray tracing cores 372. However, the CPU(s) 361, graphics cores 370, and/or ray tracing cores 372 may also implement all or a portion of the denoising and/or deep learning algorithms.

In addition, as described above, a distributed approach to denoising may be employed in which the GPU 380 is in a computing device coupled to other computing devices over a network or high-speed interconnect. In this distributed approach, the interconnected computing devices may share neural network learning/training data to improve the speed with which the overall system learns to perform denoising for different types of image frames and/or different graphics applications.

The ray tracing cores 372 may process all BVH traversal and/or ray-primitive intersections, saving the graphics cores 370 from being overloaded with thousands of instructions per ray. For example, each ray tracing core 372 includes a first set of specialized circuitry for performing bounding box tests (e.g., for traversal operations) and/or a second set of specialized circuitry for performing the ray-triangle intersection tests (e.g., intersecting rays which have been traversed). Thus, for example, the multi-core group 365A can simply launch a ray probe, and the ray tracing cores 372 independently perform ray traversal and intersection and return hit data (e.g., a hit, no hit, multiple hits, etc.) to the thread context. The other cores 370, 371 are freed to perform other graphics or compute work while the ray tracing cores 372 perform the traversal and intersection operations.

Optionally, each ray tracing core 372 may include a traversal unit to perform BVH testing operations and/or an intersection unit which performs ray-primitive intersection tests. The intersection unit generates a “hit”, “no hit”, or “multiple hit” response, which it provides to the appropriate thread. During the traversal and intersection operations, the execution resources of the other cores (e.g., graphics cores 370 and tensor cores 371) are freed to perform other forms of graphics work.

In one optional embodiment described below, a hybrid rasterization/ray tracing approach is used in which work is distributed between the graphics cores 370 and ray tracing cores 372.

The ray tracing cores 372 (and/or other cores 370, 371) may include hardware support for a ray tracing instruction set such as Microsoft's DirectX Ray Tracing (DXR) which includes a DispatchRays command, as well as ray-generation, closest-hit, any-hit, and miss shaders, which enable the assignment of unique sets of shaders and textures for each object. Another ray tracing platform which may be supported by the ray tracing cores 372, graphics cores 370 and tensor cores 371 is Vulkan 1.1.85. Note, however, that the underlying principles described herein are not limited to any particular ray tracing ISA.

In general, the various cores 372, 371, 370 may support a ray tracing instruction set that includes instructions/functions for one or more of ray generation, closest hit, any hit, ray-primitive intersection, per-primitive and hierarchical bounding box construction, miss, visit, and exceptions. More specifically, a preferred embodiment includes ray tracing instructions to perform one or more of the following functions:

Ray Generation—Ray generation instructions may be executed for each pixel, sample, or other user-defined work assignment.

Closest Hit—A closest hit instruction may be executed to locate the closest intersection point of a ray with primitives within a scene.

Any Hit—An any hit instruction identifies multiple intersections between a ray and primitives within a scene, potentially to identify a new closest intersection point.

Intersection—An intersection instruction performs a ray-primitive intersection test and outputs a result.

Per-primitive Bounding box Construction—This instruction builds a bounding box around a given primitive or group of primitives (e.g., when building a new BVH or other acceleration data structure).

Miss—Indicates that a ray misses all geometry within a scene, or specified region of a scene.

Visit—Indicates the children volumes a ray will traverse.

Exceptions—Includes various types of exception handlers (e.g., invoked for various error conditions).

Techniques for GPU to Host Processor Interconnection

FIG. 4A illustrates an exemplary architecture in which a plurality of GPUs 410-413, e.g., such as the parallel processors 200 shown in FIG. 2A, are communicatively coupled to a plurality of multi-core processors 405-406 over high-speed links 440A-440D (e.g., buses, point-to-point interconnects, etc.). The high-speed links 440A-440D may support a communication throughput of 4 GB/s, 30 GB/s, 80 GB/s or higher, depending on the implementation. Various interconnect protocols may be used including, but not limited to, PCIe 4.0 or 5.0 and NVLink 2.0. However, the underlying principles described herein are not limited to any particular communication protocol or throughput.

Two or more of the GPUs 410-413 may be interconnected over high-speed links 442A-442B, which may be implemented using the same or different protocols/links than those used for high-speed links 440A-440D. Similarly, two or more of the multi-core processors 405-406 may be connected over high speed link 443 which may be symmetric multi-processor (SMP) buses operating at 20 GB/s, 30 GB/s, 120 GB/s or higher. Alternatively, all communication between the various system components shown in FIG. 4A may be accomplished using the same protocols/links (e.g., over a common interconnection fabric). As mentioned, however, the underlying principles described herein are not limited to any particular type of interconnect technology.

Each multi-core processor 405-406 may be communicatively coupled to a processor memory 401-402, via memory interconnects 430A-430B, respectively, and each GPU 410-413 is communicatively coupled to GPU memory 420-423 over GPU memory interconnects 450A-450D, respectively. The memory interconnects 430A-430B and 450A-450D may utilize the same or different memory access technologies. By way of example, and not limitation, the processor memories 401-402 and GPU memories 420-423 may be volatile memories such as dynamic random-access memories (DRAMs) (including stacked DRAMs), Graphics DDR SDRAM (GDDR) (e.g., GDDR5, GDDR6), or High Bandwidth Memory (HBM) and/or may be non-volatile memories such as 3D XPoint/Optane or Nano-Ram. For example, some portion of the memories may be volatile memory and another portion may be non-volatile memory (e.g., using a two-level memory (2LM) hierarchy).

As described below, although the various processors 405-406 and GPUs 410-413 may be physically coupled to a particular memory 401-402, 420-423, respectively, a unified memory architecture may be implemented in which the same virtual system address space (also referred to as the “effective address” space) is distributed among all of the various physical memories. For example, processor memories 401-402 may each comprise 64 GB of the system memory address space and GPU memories 420-423 may each comprise 32 GB of the system memory address space (resulting in a total of 256 GB addressable memory in this example).

FIG. 4B illustrates additional optional details for an interconnection between a multi-core processor 407 and a graphics acceleration module 446. In some embodiments, the multi-core processor 407 and a graphics acceleration module 446 may implement aspects of computing architecture 900 (FIG. 9A), architecture 960 (FIG. 9B), method 1010 (FIG. 9C), and method 1030 (FIG. 9D). The graphics acceleration module 446 may include one or more GPU chips integrated on a line card which is coupled to the processor 407 via the high-speed link 440. Alternatively, the graphics acceleration module 446 may be integrated on the same package or chip as the processor 407.

The illustrated processor 407 includes a plurality of cores 460A-460D, each with a translation lookaside buffer 461A-461D and one or more caches 462A-462D. The cores may include various other components for executing instructions and processing data which are not illustrated to avoid obscuring the underlying principles of the components described herein (e.g., instruction fetch units, branch prediction units, decoders, execution units, reorder buffers, etc.). The caches 462A-462D may comprise level 1 (L1) and level 2 (L2) caches. In addition, one or more shared caches 456 may be included in the caching hierarchy and shared by sets of the cores 460A-460D. For example, one embodiment of the processor 407 includes 24 cores, each with its own L1 cache, twelve shared L2 caches, and twelve shared L3 caches. In this embodiment, one of the L2 and L3 caches are shared by two adjacent cores. The processor 407 and the graphics accelerator integration module 446 connect with system memory 441, which may include processor memories 401-402.

Coherency is maintained for data and instructions stored in the various caches 462A-462D, 456 and system memory 441 via inter-core communication over a coherence bus 464. For example, each cache may have cache coherency logic/circuitry associated therewith to communicate to over the coherence bus 464 in response to detected reads or writes to particular cache lines. In one implementation, a cache snooping protocol is implemented over the coherence bus 464 to snoop cache accesses. Cache snooping/coherency techniques are well understood by those of skill in the art and will not be described in detail here to avoid obscuring the underlying principles described herein.

A proxy circuit 425 may be provided that communicatively couples the graphics acceleration module 446 to the coherence bus 464, allowing the graphics acceleration module 446 to participate in the cache coherence protocol as a peer of the cores. In particular, an interface 435 provides connectivity to the proxy circuit 425 over high-speed link 440 (e.g., a PCIe bus, NVLink, etc.) and an interface 437 connects the graphics acceleration module 446 to the high-speed link 440.

In one implementation, an accelerator integration circuit 436 provides cache management, memory access, context management, and interrupt management services on behalf of a plurality of graphics processing engines 431, 432, N of the graphics acceleration module 446. The graphics processing engines 431, 432, N may each comprise a separate graphics processing unit (GPU). Alternatively, the graphics processing engines 431, 432, N may comprise different types of graphics processing engines within a GPU such as graphics execution units, media processing engines (e.g., video encoders/decoders), samplers, and blit engines. In other words, the graphics acceleration module may be a GPU with a plurality of graphics processing engines 431-432, N or the graphics processing engines 431-432, N may be individual GPUs integrated on a common package, line card, or chip.

The accelerator integration circuit 436 may include a memory management unit (MMU) 439 for performing various memory management functions such as virtual-to-physical memory translations (also referred to as effective-to-real memory translations) and memory access protocols for accessing system memory 441. The MMU 439 may also include a translation lookaside buffer (TLB) (not shown) for caching the virtual/effective to physical/real address translations. In one implementation, a cache 438 stores commands and data for efficient access by the graphics processing engines 431-432, N. The data stored in cache 438 and graphics memories 433-434, M may be kept coherent with the core caches 462A-462D, 456 and system memory 411. As mentioned, this may be accomplished via proxy circuit 425 which takes part in the cache coherency mechanism on behalf of cache 438 and memories 433-434, M (e.g., sending updates to the cache 438 related to modifications/accesses of cache lines on processor caches 462A-462D, 456 and receiving updates from the cache 438).

A set of registers 445 store context data for threads executed by the graphics processing engines 431-432, N and a context management circuit 448 manages the thread contexts. For example, the context management circuit 448 may perform save and restore operations to save and restore contexts of the various threads during contexts switches (e.g., where a first thread is saved and a second thread is stored so that the second thread can be execute by a graphics processing engine). For example, on a context switch, the context management circuit 448 may store current register values to a designated region in memory (e.g., identified by a context pointer). It may then restore the register values when returning to the context. An interrupt management circuit 447, for example, may receive and processes interrupts received from system devices.

In one implementation, virtual/effective addresses from a graphics processing engine 431 are translated to real/physical addresses in system memory 411 by the MMU 439. Optionally, the accelerator integration circuit 436 supports multiple (e.g., 4, 8, 16) graphics accelerator modules 446 and/or other accelerator devices. The graphics accelerator module 446 may be dedicated to a single application executed on the processor 407 or may be shared between multiple applications. Optionally, a virtualized graphics execution environment is provided in which the resources of the graphics processing engines 431-432, N are shared with multiple applications or virtual machines (VMs). The resources may be subdivided into “slices” which are allocated to different VMs and/or applications based on the processing requirements and priorities associated with the VMs and/or applications.

Thus, the accelerator integration circuit 436 acts as a bridge to the system for the graphics acceleration module 446 and provides address translation and system memory cache services. In one embodiment, to facilitate the bridging functionality, the accelerator integration circuit 436 may also include shared I/O 497 (e.g., PCIe, USB) and hardware to enable system control of voltage, clocking, performance, thermals, and security. The shared I/O 497 may utilize separate physical connections or may traverse the high-speed link 440. In addition, the accelerator integration circuit 436 may provide virtualization facilities for the host processor to manage virtualization of the graphics processing engines, interrupts, and memory management.

Because hardware resources of the graphics processing engines 431-432, N are mapped explicitly to the real address space seen by the host processor 407, any host processor can address these resources directly using an effective address value. One optional function of the accelerator integration circuit 436 is the physical separation of the graphics processing engines 431-432, N so that they appear to the system as independent units.

One or more graphics memories 433-434, M may be coupled to each of the graphics processing engines 431-432, N, respectively. The graphics memories 433-434, M store instructions and data being processed by each of the graphics processing engines 431-432, N. The graphics memories 433-434, M may be volatile memories such as DRAMs (including stacked DRAMs), GDDR memory (e.g., GDDR5, GDDR6), or HBM, and/or may be non-volatile memories such as 3D XPoint/Optane or Nano-Ram.

To reduce data traffic over the high-speed link 440, biasing techniques may be used to ensure that the data stored in graphics memories 433-434, M is data which will be used most frequently by the graphics processing engines 431-432, N and preferably not used by the cores 460A-460D (at least not frequently). Similarly, the biasing mechanism attempts to keep data needed by the cores (and preferably not the graphics processing engines 431-432, N) within the caches 462A-462D, 456 of the cores and system memory 411.

According to a variant shown in FIG. 4C the accelerator integration circuit 436 is integrated within the processor 407. The graphics processing engines 431-432, N communicate directly over the high-speed link 440 to the accelerator integration circuit 436 via interface 437 and interface 435 (which, again, may be utilize any form of bus or interface protocol). The accelerator integration circuit 436 may perform the same operations as those described with respect to FIG. 4B, but potentially at a higher throughput given its close proximity to the coherency bus 464 and caches 462A-462D, 456.

The embodiments described may support different programming models including a dedicated-process programming model (no graphics acceleration module virtualization) and shared programming models (with virtualization). The latter may include programming models which are controlled by the accelerator integration circuit 436 and programming models which are controlled by the graphics acceleration module 446.

In the embodiments of the dedicated process model, graphics processing engines 431-432, N may be dedicated to a single application or process under a single operating system. The single application can funnel other application requests to the graphics engines 431-432, N, providing virtualization within a VM/partition.

In the dedicated-process programming models, the graphics processing engines 431-432, N, may be shared by multiple VM/application partitions. The shared models require a system hypervisor to virtualize the graphics processing engines 431-432, N to allow access by each operating system. For single-partition systems without a hypervisor, the graphics processing engines 431-432, N are owned by the operating system. In both cases, the operating system can virtualize the graphics processing engines 431-432, N to provide access to each process or application.

For the shared programming model, the graphics acceleration module 446 or an individual graphics processing engine 431-432, N selects a process element using a process handle. The process elements may be stored in system memory 411 and be addressable using the effective address to real address translation techniques described herein. The process handle may be an implementation-specific value provided to the host process when registering its context with the graphics processing engine 431-432, N (that is, calling system software to add the process element to the process element linked list). The lower 16-bits of the process handle may be the offset of the process element within the process element linked list.

FIG. 4D illustrates an exemplary accelerator integration slice 490. As used herein, a “slice” comprises a specified portion of the processing resources of the accelerator integration circuit 436. Application effective address space 482 within system memory 411 stores process elements 483. The process elements 483 may be stored in response to GPU invocations 481 from applications 480 executed on the processor 407. A process element 483 contains the process state for the corresponding application 480. A work descriptor (WD) 484 contained in the process element 483 can be a single job requested by an application or may contain a pointer to a queue of jobs. In the latter case, the WD 484 is a pointer to the job request queue in the application's address space 482.

The graphics acceleration module 446 and/or the individual graphics processing engines 431-432, N can be shared by all or a subset of the processes in the system. For example, the technologies described herein may include an infrastructure for setting up the process state and sending a WD 484 to a graphics acceleration module 446 to start a job in a virtualized environment.

In one implementation, the dedicated-process programming model is implementation-specific. In this model, a single process owns the graphics acceleration module 446 or an individual graphics processing engine 431. Because the graphics acceleration module 446 is owned by a single process, the hypervisor initializes the accelerator integration circuit 436 for the owning partition and the operating system initializes the accelerator integration circuit 436 for the owning process at the time when the graphics acceleration module 446 is assigned.

In operation, a WD fetch unit 491 in the accelerator integration slice 490 fetches the next WD 484 which includes an indication of the work to be done by one of the graphics processing engines of the graphics acceleration module 446. Data from the WD 484 may be stored in registers 445 and used by the MMU 439, interrupt management circuit 447 and/or context management circuit 448 as illustrated. For example, the MMU 439 may include segment/page walk circuitry for accessing segment/page tables 486 within the OS virtual address space 485. The interrupt management circuit 447 may process interrupt events 492 received from the graphics acceleration module 446. When performing graphics operations, an effective address 493 generated by a graphics processing engine 431-432, N is translated to a real address by the MMU 439.

The same set of registers 445 may be duplicated for each graphics processing engine 431-432, N and/or graphics acceleration module 446 and may be initialized by the hypervisor or operating system. Each of these duplicated registers may be included in an accelerator integration slice 490. Exemplary registers that may be initialized by the hypervisor are shown in Table 1.

TABLE 1 Hypervisor Initialized Registers 1 Slice Control Register 2 Real Address (RA) Scheduled Processes Area Pointer 3 Authority Mask Override Register 4 Interrupt Vector Table Entry Offset 5 Interrupt Vector Table Entry Limit 6 State Register 7 Logical Partition ID 8 Real address (RA) Hypervisor Accelerator Utilization Record Pointer 9 Storage Description Register

Exemplary registers that may be initialized by the operating system are shown in Table 2.

TABLE 2 Operating System Initialized Registers 1 Process and Thread Identification 2 Effective Address (EA) Context Save/Restore Pointer 3 Virtual Address (VA) Accelerator Utilization Record Pointer 4 Virtual Address (VA) Storage Segment Table Pointer 5 Authority Mask 6 Work descriptor

Each WD 484 may be specific to a particular graphics acceleration module 446 and/or graphics processing engine 431-432, N. It contains all the information a graphics processing engine 431-432, N requires to do its work or it can be a pointer to a memory location where the application has set up a command queue of work to be completed.

FIG. 4E illustrates additional optional details of a shared model. It includes a hypervisor real address space 498 in which a process element list 499 is stored. The hypervisor real address space 498 is accessible via a hypervisor 496 which virtualizes the graphics acceleration module engines for the operating system 495.

The shared programming models allow for all or a subset of processes from all or a subset of partitions in the system to use a graphics acceleration module 446. There are two programming models where the graphics acceleration module 446 is shared by multiple processes and partitions: time-sliced shared and graphics directed shared.

In this model, the system hypervisor 496 owns the graphics acceleration module 446 and makes its function available to all operating systems 495. For a graphics acceleration module 446 to support virtualization by the system hypervisor 496, the graphics acceleration module 446 may adhere to the following requirements: 1) An application's job request must be autonomous (that is, the state does not need to be maintained between jobs), or the graphics acceleration module 446 must provide a context save and restore mechanism. 2) An application's job request is guaranteed by the graphics acceleration module 446 to complete in a specified amount of time, including any translation faults, or the graphics acceleration module 446 provides the ability to preempt the processing of the job. 3) The graphics acceleration module 446 must be guaranteed fairness between processes when operating in the directed shared programming model.

For the shared model, the application 480 may be required to make an operating system 495 system call with a graphics acceleration module 446 type, a work descriptor (WD), an authority mask register (AMR) value, and a context save/restore area pointer (CSRP). The graphics acceleration module 446 type describes the targeted acceleration function for the system call. The graphics acceleration module 446 type may be a system-specific value. The WD is formatted specifically for the graphics acceleration module 446 and can be in the form of a graphics acceleration module 446 command, an effective address pointer to a user-defined structure, an effective address pointer to a queue of commands, or any other data structure to describe the work to be done by the graphics acceleration module 446. In one embodiment, the AMR value is the AMR state to use for the current process. The value passed to the operating system is similar to an application setting the AMR. If the accelerator integration circuit 436 and graphics acceleration module 446 implementations do not support a User Authority Mask Override Register (UAMOR), the operating system may apply the current UAMOR value to the AMR value before passing the AMR in the hypervisor call. The hypervisor 496 may optionally apply the current Authority Mask Override Register (AMOR) value before placing the AMR into the process element 483. The CSRP may be one of the registers 445 containing the effective address of an area in the application's address space 482 for the graphics acceleration module 446 to save and restore the context state. This pointer is optional if no state is required to be saved between jobs or when a job is preempted. The context save/restore area may be pinned system memory.

Upon receiving the system call, the operating system 495 may verify that the application 480 has registered and been given the authority to use the graphics acceleration module 446. The operating system 495 then calls the hypervisor 496 with the information shown in Table 3.

TABLE 3 OS to Hypervisor Call Parameters 1 A work descriptor (WD) 2 An Authority Mask Register (AMR) value (potentially masked). 3 An effective address (EA) Context Save/Restore Area Pointer (CSRP) 4 A process ID (PID) and optional thread ID (TID) 5 A virtual address (VA) accelerator utilization record pointer (AURP) 6 The virtual address of the storage segment table pointer (SSTP) 7 A logical interrupt service number (LISN)

Upon receiving the hypervisor call, the hypervisor 496 verifies that the operating system 495 has registered and been given the authority to use the graphics acceleration module 446. The hypervisor 496 then puts the process element 483 into the process element linked list for the corresponding graphics acceleration module 446 type. The process element may include the information shown in Table 4.

TABLE 4 Process Element Information 1 A work descriptor (WD) 2 An Authority Mask Register (AMR) value (potentially masked). 3 An effective address (EA) Context Save/Restore Area Pointer (CSRP) 4 A process ID (PID) and optional thread ID (TID) 5 A virtual address (VA) accelerator utilization record pointer (AURP) 6 The virtual address of the storage segment table pointer (SSTP) 7 A logical interrupt service number (LISN) 8 Interrupt vector table, derived from the hypervisor call parameters. 9 A state register (SR) value 10 A logical partition ID (LPID) 11 A real address (RA) hypervisor accelerator utilization record pointer 12 The Storage Descriptor Register (SDR)

The hypervisor may initialize a plurality of accelerator integration slice 490 registers 445.

As illustrated in FIG. 4F, in one optional implementation a unified memory addressable via a common virtual memory address space used to access the physical processor memories 401-402 and GPU memories 420-423 is employed. In this implementation, operations executed on the GPUs 410-413 utilize the same virtual/effective memory address space to access the processors memories 401-402 and vice versa, thereby simplifying programmability. A first portion of the virtual/effective address space may be allocated to the processor memory 401, a second portion to the second processor memory 402, a third portion to the GPU memory 420, and so on. The entire virtual/effective memory space (sometimes referred to as the effective address space) may thereby be distributed across each of the processor memories 401-402 and GPU memories 420-423, allowing any processor or GPU to access any physical memory with a virtual address mapped to that memory.

Bias/coherence management circuitry 494A-494E within one or more of the MMUs 439A-439E may be provided that ensures cache coherence between the caches of the host processors (e.g., 405) and the GPUs 410-413 and implements biasing techniques indicating the physical memories in which certain types of data should be stored. While multiple instances of bias/coherence management circuitry 494A-494E are illustrated in FIG. 4F, the bias/coherence circuitry may be implemented within the MMU of one or more host processors 405 and/or within the accelerator integration circuit 436. In some embodiments, the host processor 405 may encrypt data and pointers with a key and share the key with GPUs 410-413 as described in the embodiments of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G), cryptographic diffusion and confusion 2580 (FIG. 7H) and/or resources diagram 2584 (FIG. 7I).

The GPU-attached memory 420-423 may be mapped as part of system memory, and accessed using shared virtual memory (SVM) technology, but without suffering the typical performance drawbacks associated with full system cache coherence. The ability to GPU-attached memory 420-423 to be accessed as system memory without onerous cache coherence overhead provides a beneficial operating environment for GPU offload. This arrangement allows the host processor 405 software to setup operands and access computation results, without the overhead of tradition I/O DMA data copies. Such traditional copies involve driver calls, interrupts and memory mapped I/O (MMIO) accesses that are all inefficient relative to simple memory accesses. At the same time, the ability to access GPU attached memory 420-423 without cache coherence overheads can be critical to the execution time of an offloaded computation. In cases with substantial streaming write memory traffic, for example, cache coherence overhead can significantly reduce the effective write bandwidth seen by a GPU 410-413. The efficiency of operand setup, the efficiency of results access, and the efficiency of GPU computation all play a role in determining the effectiveness of GPU offload.

A selection of between GPU bias and host processor bias may be driven by a bias tracker data structure. A bias table may be used, for example, which may be a page-granular structure (i.e., controlled at the granularity of a memory page) that includes 1 or 2 bits per GPU-attached memory page. The bias table may be implemented in a stolen memory range of one or more GPU-attached memories 420-423, with or without a bias cache in the GPU 410-413 (e.g., to cache frequently/recently used entries of the bias table). Alternatively, the entire bias table may be maintained within the GPU.

In one implementation, the bias table entry associated with each access to the GPU-attached memory 420-423 is accessed prior the actual access to the GPU memory, causing the following operations. First, local requests from the GPU 410-413 that find their page in GPU bias are forwarded directly to a corresponding GPU memory 420-423. Local requests from the GPU that find their page in host bias are forwarded to the processor 405 (e.g., over a high-speed link as discussed above). Optionally, requests from the processor 405 that find the requested page in host processor bias complete the request like a normal memory read. Alternatively, requests directed to a GPU-biased page may be forwarded to the GPU 410-413. The GPU may then transition the page to a host processor bias if it is not currently using the page.

The bias state of a page can be changed either by a software-based mechanism, a hardware-assisted software-based mechanism, or, for a limited set of cases, a purely hardware-based mechanism.

One mechanism for changing the bias state employs an API call (e.g., OpenCL), which, in turn, calls the GPU's device driver which, in turn, sends a message (or enqueues a command descriptor) to the GPU directing it to change the bias state and, for some transitions, perform a cache flushing operation in the host. The cache flushing operation is required for a transition from host processor 405 bias to GPU bias, but is not required for the opposite transition.

Cache coherency may be maintained by temporarily rendering GPU-biased pages uncacheable by the host processor 405. To access these pages, the processor 405 may request access from the GPU 410 which may or may not grant access right away, depending on the implementation. Thus, to reduce communication between the host processor 405 and GPU 410 it is beneficial to ensure that GPU-biased pages are those which are required by the GPU but not the host processor 405 and vice versa.

Graphics Processing Pipeline

FIG. 5 illustrates a graphics processing pipeline 500. A graphics multiprocessor, such as graphics multiprocessor 234 as in FIG. 2D, graphics multiprocessor 325 of FIG. 3A, graphics multiprocessor 350 of FIG. 3B can implement the illustrated graphics processing pipeline 500. The graphics multiprocessor can be included within the parallel processing subsystems as described herein, such as the parallel processor 200 of FIG. 2A, which may be related to the parallel processor(s) 112 of FIG. 1 and may be used in place of one of those. The various parallel processing systems can implement the graphics processing pipeline 500 via one or more instances of the parallel processing unit (e.g., parallel processing unit 202 of FIG. 2A) as described herein. For example, a shader unit (e.g., graphics multiprocessor 234 of FIG. 2C) may be configured to perform the functions of one or more of a vertex processing unit 504, a tessellation control processing unit 508, a tessellation evaluation processing unit 512, a geometry processing unit 516, and a fragment/pixel processing unit 524. The functions of data assembler 502, primitive assemblers 506, 514, 518, tessellation unit 510, rasterizer 522, and raster operations unit 526 may also be performed by other processing engines within a processing cluster (e.g., processing cluster 214 of FIG. 2A) and a corresponding partition unit (e.g., partition unit 220A-220N of FIG. 2A). The graphics processing pipeline 500 may also be implemented using dedicated processing units for one or more functions. It is also possible that one or more portions of the graphics processing pipeline 500 are performed by parallel processing logic within a general-purpose processor (e.g., CPU). Optionally, one or more portions of the graphics processing pipeline 500 can access on-chip memory (e.g., parallel processor memory 222 as in FIG. 2A) via a memory interface 528, which may be an instance of the memory interface 218 of FIG. 2A. The graphics processor pipeline 500 may also be implemented via a multi-core group 365A as in FIG. 3C.

The data assembler 502 is a processing unit that may collect vertex data for surfaces and primitives. The data assembler 502 then outputs the vertex data, including the vertex attributes, to the vertex processing unit 504. The vertex processing unit 504 is a programmable execution unit that executes vertex shader programs, lighting and transforming vertex data as specified by the vertex shader programs. The vertex processing unit 504 reads data that is stored in cache, local or system memory for use in processing the vertex data and may be programmed to transform the vertex data from an object-based coordinate representation to a world space coordinate space or a normalized device coordinate space.

A first instance of a primitive assembler 506 receives vertex attributes from the vertex processing unit 504. The primitive assembler 506 readings stored vertex attributes as needed and constructs graphics primitives for processing by tessellation control processing unit 508. The graphics primitives include triangles, line segments, points, patches, and so forth, as supported by various graphics processing application programming interfaces (APIs).

The tessellation control processing unit 508 treats the input vertices as control points for a geometric patch. The control points are transformed from an input representation from the patch (e.g., the patch's bases) to a representation that is suitable for use in surface evaluation by the tessellation evaluation processing unit 512. The tessellation control processing unit 508 can also compute tessellation factors for edges of geometric patches. A tessellation factor applies to a single edge and quantifies a view-dependent level of detail associated with the edge. A tessellation unit 510 is configured to receive the tessellation factors for edges of a patch and to tessellate the patch into multiple geometric primitives such as line, triangle, or quadrilateral primitives, which are transmitted to a tessellation evaluation processing unit 512. The tessellation evaluation processing unit 512 operates on parameterized coordinates of the subdivided patch to generate a surface representation and vertex attributes for each vertex associated with the geometric primitives.

A second instance of a primitive assembler 514 receives vertex attributes from the tessellation evaluation processing unit 512, reading stored vertex attributes as needed, and constructs graphics primitives for processing by the geometry processing unit 516. The geometry processing unit 516 is a programmable execution unit that executes geometry shader programs to transform graphics primitives received from primitive assembler 514 as specified by the geometry shader programs. The geometry processing unit 516 may be programmed to subdivide the graphics primitives into one or more new graphics primitives and calculate parameters used to rasterize the new graphics primitives.

The geometry processing unit 516 may be able to add or delete elements in the geometry stream. The geometry processing unit 516 outputs the parameters and vertices specifying new graphics primitives to primitive assembler 518. The primitive assembler 518 receives the parameters and vertices from the geometry processing unit 516 and constructs graphics primitives for processing by a viewport scale, cull, and clip unit 520. The geometry processing unit 516 reads data that is stored in parallel processor memory or system memory for use in processing the geometry data. The viewport scale, cull, and clip unit 520 performs clipping, culling, and viewport scaling and outputs processed graphics primitives to a rasterizer 522.

The rasterizer 522 can perform depth culling and other depth-based optimizations. The rasterizer 522 also performs scan conversion on the new graphics primitives to generate fragments and output those fragments and associated coverage data to the fragment/pixel processing unit 524. The fragment/pixel processing unit 524 is a programmable execution unit that is configured to execute fragment shader programs or pixel shader programs. The fragment/pixel processing unit 524 transforming fragments or pixels received from rasterizer 522, as specified by the fragment or pixel shader programs. For example, the fragment/pixel processing unit 524 may be programmed to perform operations included but not limited to texture mapping, shading, blending, texture correction and perspective correction to produce shaded fragments or pixels that are output to a raster operations unit 526. The fragment/pixel processing unit 524 can read data that is stored in either the parallel processor memory or the system memory for use when processing the fragment data. Fragment or pixel shader programs may be configured to shade at sample, pixel, tile, or other granularities depending on the sampling rate configured for the processing units.

The raster operations unit 526 is a processing unit that performs raster operations including, but not limited to stencil, z-test, blending, and the like, and outputs pixel data as processed graphics data to be stored in graphics memory (e.g., parallel processor memory 222 as in FIG. 2A, and/or system memory 104 as in FIG. 1), to be displayed on the one or more display device(s) 110 or for further processing by one of the one or more processor(s) 102 or parallel processor(s) 112. The raster operations unit 526 may be configured to compress z or color data that is written to memory and decompress z or color data that is read from memory.

Encryption Technology

Fine Grain Per Thread and Per GPU Slice Isolation (FIGS. 6A-6F)

As illustrated in FIG. 6A, some embodiments are drawn to low latency bit length-parameterizable ciphers to encrypt GPU thread data in a SIMD environment. A different encryption key may be used per lane enabling a fine granular encryption scheme. A granular, lane-specific encryption process 600 is illustrated.

In this example, a graphics processor core 602 includes a first lane 602 a, a second lane 602 b and a N lane 602 c are illustrated. Each of the first lane 602 a, second lane 602 b and N lane 602 c may execute a SIMD and/or SIMT process. For example, each of the SIMD lanes may process a different GPU thread associated with different tenants. Each of the first lane 602 a, the second lane 602 b and the N lane 602 c may include hardware elements, such as vector register elements, thread processors, memory, etc. In some embodiments, each of the threads must present credentials for security and to identify appropriate encryption keys.

For example, the first lane 602 a may execute a first thread associated with a first tenant, and the second lane 602 b may execute a second thread associated with a second tenant, the N lane 602 c may execute a N thread associated with an N tenant. The first lane 602 a, second lane 602 b and N lane 602 c may be associated with a same computing architecture (e.g., located on a same SoC and/or graphics processor), and in particular a same core of the graphics processor 602. In this example, different threads may be encrypted differently. For example, in a multi-tenant scenario, multiple tenants may share resources. Some conventional application may only enforce encryption enforcement at a context level so that data for each context is isolated into different portions of a graphics processor at a core level and encrypted accordingly. For example, each context may need a separate core to execute on and may not share the core with other contexts. Such applications may not encrypt at a granular level that permits dispersed distribution of context data throughout the first-N lanes 602 a-602 c of the graphics processor core 602 (e.g., in a discontinuous fashion) and inefficiently uses the core (e.g., if a context cannot use all lanes). Some embodiments efficiently enforce isolation boundaries at a lane level such that different contexts (e.g., tenants) may share a same core, such as graphics processor core 602.

A key manager 602 j may provide a first key 602 g, second key 602 h and N key 602 i to the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f respectively based on workloads and the credentials. For example, the key manager 602 j may identify a context and/or tenant, as well as credentials associated with threads being executed, identify a key associated with the context and/or tenant and provide the key to the appropriate first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f.

In this example, the first lane 602 a may process a first thread associated with a first tenant (or first context), and generate data associated with the first thread (e.g., first thread is processed and generates data). The key manager 602 j may identify that the first lane 602 a is executing on behalf of the first tenant and provide the first key 602 g to the first encryption engine 602 d based on the first key being assigned to the first tenant. As the first lane 602 a generates data associated with the first thread, the first encryption engine 602 d encrypts the data with the first key 602 g.

The second lane 602 b may process a second thread associated with a second tenant (or second context), and generates data associated with the second thread (e.g., second thread is processed and generates data). The key manager 602 j may identify that the second lane 602 b is executing on behalf of the second tenant and provide the second key 602 h to the second encryption engine 602 e based on the second key being assigned to the first tenant. As the second lane 602 b generates data associated with the second thread, the second encryption engine 602 e encrypts the data with the second key 602 h. It is worthwhile to note that the first encryption engine 602 d, the second encryption engine 602 e and N encryption engine 602 f may concurrently encrypt data from the first lane 602 a, second lane 602 b and N lane 602 c in synchronization of clock cycles.

The N lane 602 c may process an N thread associated with an N tenant (or N context), and generate data associated with the N thread (e.g., N thread is processed and generates data). The key manager 602 j may identify that the N lane 602 c is executing on behalf of the N tenant and provide the N key 602 i to the N encryption engine 602 f based on the N key being assigned to the N tenant. As the N lane 602 c generates data associated with the N thread, the N encryption engine 602 f encrypts the data with the N key 602 i.

Thus, each of the first lane 602 a, second lane 602 b and N lane 602 c may be coupled with to a dedicated encryption engine of the first encryption engine 602 d, the second encryption engine 602 e and the N encryption engine 602 f to securely encrypt data. As such, each of the first lane 602 a, second lane 602 b and N lane 602 c may have the flexibility to be encrypted differently than the other lanes of the first lane 602 a, second lane 602 b and N lane 602 c, isolating threads at a granular lane level as opposed to a coarse core level.

The process 600 provides the encrypted data to device memory 604, 606. The device memory 604 may store encrypted first data 604 a generated by the first lane 602 a, encrypted second data 604 b generated by the second lane 602 b and encrypted N data 604N generated by the N lane 602 c. The process 600 may then identify data requests 610. In some embodiments, each of the encrypted first data 604 a, encrypted second data 604 b and encrypted N data 604N may be stored in association with credentials for a thread that generated the respective data to facilitate retrieval (e.g., by a CPU and/or the GPU).

Furthermore, FIG. 6A illustrates a 1 to 1 association between an encrypted data, a lane such as first-n lanes 602 a-602 c, a graphics engine and an encryption/decryption engine such as the first encryption engine 602 d, the second encryption engine 602 e, and the N encryption engine 602 f, it is to be understood that in some embodiments a “lane” may include multiple graphics compute engines, and/or encryption engines. Thus, some embodiments may include an encryption/decryption engine per graphics engine, with each lane include multiple encryption/decryption engines and graphics engines producing data that is encrypted differently from each other with the encryption/decryption engines.

In some embodiments, a policy for determining the number of compute resources, memory, buffers, engines etc. may be based on an “Edge or Cloud workload” that may contain a Service Level Agreement (SLA) that authorizes use of greater or fewer resources on a GPU and a target completion time as a form of quality of service (QoS) for execution of a workload.

Turning now to FIG. 6B, process 600 may execute data specific decryption 612 based on the encrypted first data 604 a, encrypted second data 604 b and encrypted N data 604N retrieved from the device memory 604. For example, the key manager 602 j may identify a marker or identification from the encrypted first data 604 a, encrypted second data 604 b and encrypted N data 604N to identify appropriate keys for decryption based on the corresponding encryption keys. In some embodiments, a method for provisioning a user and/or tenant key into the key manager 602 j (e.g., a crypto key manager) uses a (Process Address Space ID) PASID structure or similar structure that maintains a table of per-tenant context that allows the key manager 602 j to relate various tenant-specific keys to a tenant ‘slice’. The key manager 602 j may use a handle, PASID value, a public key or a tenant identifier as the ‘marker’ that identifies the tenant security context.

In some embodiments, the key manager 602 j may identify that the encrypted first data 604 a was encrypted by the first encryption engine 602 d, and a time that the encryption occurred. Based on these identifications, the key manager 602 j may determine that the first encryption engine 602 d was utilizing the first key 602 g during encryption of the encrypted first data 604 a. Other implementations may be possible as well. For example, the encrypted first data 604 a may include a value or field indicating that the first key 602 g was used to encrypt the encrypted first data 604 a. In some embodiments, credentials associated with a thread requesting the encrypted first data 604 a may be verified and the first key 602 g may be identified based on the credentials (e.g., the thread is associated with the first tenant).

In this example, the encrypted first data 604 a is to be processed by the first lane 602 a, so the key manager 602 j provides the first key 602 g to the first encryption engine 602 d. Likewise, the key manager 602 j may provide the second key 602 h to the second encryption engine 602 e based on an identification that the encrypted second data 604 b is assigned to the second lane 602 b. Similarly, the key manager 602 j may provide the third key 602 i to the N encryption engine 602 f based on an identification that the encrypted N data 604N is assigned to the N lane 602 c. Thus, the first encryption engine 602 d, the second encryption engine 602 e and the N encryption engine 602 f may decrypt the encrypted first data 604 a, encrypted second data 604 b and encrypted N data 604N to generate decrypted first data 614 a, decrypted second data 614 b and decrypted N data 614N. The first lane 602 a, second lane 602 b and N lane 602 c may begin further processing on the decrypted first data 614 a, decrypted second data 614 b and decrypted N data 614N.

It will be understood that the above operations are flexible. For example, the data may be distributed different. For example, the first lane 602 a may generate data that is encrypted with the first encryption engine 602 d. Later, the data may be retrieved, decrypted by the N encryption engine 602 f and operated on by the N lane 602 c. That is, data may be transferred between lanes assuming that security protocols are complied with.

In some embodiments, the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f may implement a specific parameterizable cipher to encrypt GPU thread data. Each workload (e.g., first thread, second thread, N thread) may present credentials to the graphics processor core 602 to request exclusive use of a graphics processor core 602 slice. The request may be supported as part of a graphics processor core 602 instruction. Furthermore, the request may also come to the graphics processor core 602 as part of an associated driver. Responsive to the request, various keys may be generated and utilized for encryption and decryption in processes associated with the workload and/or tenant by the key manager 602 j. In some embodiments, a graphics processor core 602 slice may belong to a single isolated thread or a group of isolated threads.

Thus, some embodiments may enable encryption at far more granular levels (e.g., 32 bits and/or 64 bits) corresponding to lane size. Concurrently, multiple lanes may be encrypted according to different encryption keys to enable tenants to utilize a same graphics processor core 602 while respecting privacy, isolation and data compartmentalization between tenants. Furthermore, doing so enable more flexibility to write code that multiplies matrices. For example, some applications may set scalars of a fused multiply—add (FMA), which are part of the same vector FMA, need to be associated with the same workload, up to some minimum acceptable size. Embodiments as described herein may use each parallel scalar FMA, which is part of a vector FMA, may be associated with a different isolated workload.

Furthermore, the encryptions and decryptions may occur inside the graphics processor core 602 to avoid transference of unencrypted data along busses or other mediums. The graphics processor core 602 may be a tensor core that execute 3 clocks per operation (e.g., within circuits currently meet timings in frequencies up to 4 GHz) and in parallel across threads. In some embodiments, the encryptions and decryptions may occur inside in the graphics processor core 602.

The inclusion of lightweight encryption engines, such as the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f, may avoid some standards, such as the Advanced Encryption Standard (which may take up to 12 clock cycles to execute), and may be a drop-in replacement that provides performance enhancements. Some embodiments may include the key manager 602 j that flexibly provisions the same tenant key across multiple fine-grain threads to achieve wide word sizes seamlessly for workloads that require a greater percentage of resources of the graphics processor core 602.

In some embodiments, the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f may implement K-ciphers. Details are provided by Table I:

TABLE I Latency Number of Cipher Area (μm²) (psec) clocks Frequency K-cipher Enc.- 614 613 3 4.9 Ghz 32, r = 2 K-cipher Enc.- 1875 767 3 3.9 GHz 64, r = 2

FIG. 6C illustrates a SIMD architecture 660. The encryption architecture 660 includes GPU cores 662 that includes lanes that process threads as described herein. The GPU cores 662 may be connected with encryption engines 664 to encrypt and decrypt data. A local memory 666 and/or device memory may store the encrypted data. In some embodiments, the local memory 666, encryption engines 664 and GPU cores 662 may be part of a same graphics processor, while the device memory 668 may be separate from the graphics processor.

FIG. 6D illustrates a method 670. FIG. 6D shows a method 670 that may provide enhanced and granular decryption and encryption. The method 670 may generally be implemented in any of the embodiments described herein, and may implement aspects of the key manager 602 j and the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f (FIGS. 6A and 6B) and/or be combined with the SIMD architecture 660 (FIG. 6C). In an embodiment, the method 670 is implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as random access memory (RAM), read only memory (ROM), programmable ROM (PROM), firmware, flash memory, etc., in configurable logic such as, for example, programmable logic arrays (PLAs), field programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), in fixed-functionality logic hardware using circuit technology such as, for example, application specific integrated circuit (ASIC), complementary metal oxide semiconductor (CMOS) or transistor-transistor logic (TTL) technology, or any combination thereof.

For example, computer program code to carry out operations shown in the method 670 may be written in any combination of one or more programming languages, including an object oriented programming language such as JAVA, SMALLTALK, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. Additionally, logic instructions might include assembler instructions, instruction set architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, state-setting data, configuration data for integrated circuitry, state information that personalizes electronic circuitry and/or other structural components that are native to hardware (e.g., host processor, central processing unit/CPU, microcontroller, etc.).

Illustrated processing block 672 receives a write request. Illustrated processing block 674 identifies a tenant associated with the write request. Illustrated processing block 676 determines whether a tenant encryption key exists for the tenant. If not, illustrated processing block 678 generates a new encryption key for the tenant. The encryption key may be stored in association with credentials of the tenant for further referencing. Illustrated processing block 680 encrypts the data according to the encryption key. Illustrated processing block 682 stores the encrypted data. While not illustrated, the encrypted data may be decrypted based on the encryption key and based on a request associated with a thread of the tenant that has the credentials.

FIG. 6E illustrates a method 690 to process read requests. The method 690 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the key manager 602 j and the first encryption engine 602 d, second encryption engine 602 e and N encryption engine 602 f (FIGS. 6A and 6B), method 670 (FIG. 6D), and/or be combined with the SIMD architecture 660 (FIG. 6C) already discussed. More particularly, the method 690 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 692 receives a read request. Illustrated processing block 694 identifies a key (e.g., a tenant specific key) associated with a tenant of the read request. In some embodiments, the key may be identified based on credentials associated with the key and/or a requesting thread. Illustrated processing block 696 decrypts data according to the key. Illustrated processing block 698 sends the decrypted data to a requesting device (e.g., a graphics processor and/or lane).

FIG. 6F illustrates an encryption and storage process 3300. The process 3300 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example process 600 (FIGS. 6A and 6B), method 670 (FIG. 6D), method 690 (FIG. 6E) and/or be combined with the SIMD architecture 660 (FIG. 6C) already discussed. In FIG. 6F, a plurality of execution cores 3302 of a GPU execute operations. The execution units may execute workloads associated with different contexts. A first core 3304, a second core 3306 and a third core 3310 may execute different workloads associated with different contexts. In this example, the first core 3304 may include execution units 3304 a that produce data for different contexts and/or tenants. The data is encrypted by the lightweight cryptographic engines 3304 b according to a first encryption (e.g., a first encryption key), a second encryption (e.g., a second encryption key), a third encryption (e.g., a third encryption key) and a fourth encryption (e.g., a fourth encryption key). For example, first workloads associated with a first tenant may be encrypted according to the first encryption, second workloads associated with a second tenant may be encrypted according to the second encryption, third workloads associated with a third tenant may be encrypted according to the third encryption, and fourth workloads associated with a fourth tenant may be encrypted according to the fourth encryption.

The first-fourth workloads may be distributed through the first core 3304, the second core 3306 and the third core 3308 resulting in the first-fourth encryptions being applied in each of the first core 3304, the second core 3306 and the third core 3308. For example, the lightweight cryptographic engines 3306 b of the second core 3306 may encrypt data from the execution units 3306 a according to the first-fourth encryptions, and the lightweight cryptographic engines 3308 b of the third core 3308 may encrypt data from the execution units 3308 a according to the first-fourth encryptions.

Similarly encrypted data may be associated with a same tenant. As such, the data encrypted according to the first encryption from the first core 3304, the second core 3306 and the third core 3308 may be concatenated together (e.g., in the GPU) to form a larger sized block width (e.g., 32 bits) for storage. The GPU may further concatenate together data that is encrypted according to the second encryption. The GPU may further concatenate together data that is encrypted according to the third encryption. The GPU may further concatenate together data that is encrypted according to the fourth encryption. The GPU may thus store the concatenated encrypted data 3314 in the cache 3316.

Thus, some embodiment may permit flexible workload distribution with encryption on a lane-by-lane basis. In some examples, each workload may execute within a same lane of the first core 3304, second core 3306 and third core 3308 for the lifetime of operations of the workload. In some embodiments, operations of a workload may be distributed through multiple lanes which are each encrypted according to a same key.

While not illustrated, when the encrypted data in the cache 3316 is to be decrypted, the GPU may access a data structure indicating how the data was encrypted (e.g., according to one of the first-fourth encryptions). An identifying element from the data may be used to identify the encryption scheme and with reference to the data structure.

Thus, embodiments support isolation and multitenancy and different levels of granularity (e.g., both vertically and horizontally isolated matrix multiplication). Moreover, some embodiments provide more flexibility to operate on code that multiplies matrices, while enforcing isolation. For example, in conventional approaches, a set scalar of fused multiply—adds (FMAs), which are part of the same vector (FMAs), need to be associated with the same workload, up to some minimum acceptable size to justify utilization of an entire execution unit (e.g., a certain number of lanes of the execution unit must be occupied to justify execution while still enforcing isolation). That is, isolation principles may not permit other workloads to execute on the execution unit to use unoccupied lanes. In some embodiments herein, each parallel scalar FMA, which is part of a vector FMA, may be associated with a different isolated workload executing on a same execution unit (multiple workloads execute on a same execution unit isolated in different lanes). The same principle may apply to other types of scalar operations.

Further, with respect to code streamers, a small(er) number of code streamers may not be a limitation. Embodiments may execute efficiently if the workloads that are isolated at a finer granularity execute the same code stream, which may be the case for machine learning (ML) workloads.

For example, ML workloads may be characterized by sequential matrix multiplications and fewer data dependent branches. Moreover, with regard to security considerations, lightweight 32-bit and 64-bit encryption systems may acceptably secure data. For example, Simon and Speck ciphers support 32-bit and 64-bit lengths. A PRINCE cipher performs encryption at 64-bit block granularity. Additionally, a key size in such ciphers may be much larger than the block size (e.g., a 32-bit block cipher approximates an ideal primitive, which is the 32-bit random permutation). The space of all 32-bit random permutations may be (232)!˜=232,000,000,000 using Stirling's approximation and a 64- or 128-bit key defines a still cryptographically large space, which is not trivially searched. Thus, the lightweight cryptographic engines 3304 b, 3306 b, 3308 b may implement lightweight ciphers (e.g., 32-bit or 64-bit) including Simon, Speck, PRINCE, K-cipher, etc. to provide a fine grain per SIMD lane isolation.

Moreover, with respect to security concerns, an intra-domain adversary may attempt to form dictionaries and launch dictionary-based attacks (i.e., use known plaintext-ciphertext pairs) and it may take about 232 efforts for such attacks when using the 32-bit cipher for instance. In the context of a GPU workload isolation, such considerations may be irrelevant because the intra-domain adversary may directly access or overwrite a victim's data. Moreover, an inter-domain adversary only observes ciphertexts. Accordingly, the cryptographic challenge is more difficult, and an adversary cannot determine which permutation is used for concealing the victim's data among the numerous choices.

Embodiments therefore provide flexibility in isolation granularity. For example, some embodiments involve per SIMD lane isolation and involve a lightweight cipher that may replaces the AES engine of conventional architectures for performance reasons.

Method of Deciding Whether Content is Artificially Generated (FIGS. 6G-6I)

Deep fakes (e.g., synthetic media in which a person in an existing image or video is modified or replaced) have become increasingly common as graphics processing power has increased. In an effort to curb the reach of deep fakes, machine learning (ML) algorithms may attempt to classify data as a deep fake or a genuine image. Doing so however may be problematic and prone to error. For example, consider a first false positive scenario that may include a claim. Suppose that an image A is genuine and not a deep fake. A “defender” may successfully generate a similar image B (may be similar to image A) using an ML algorithm and a number of ML models for the description of the entities involved (e.g., faces, voices, people, buildings etc.) The “defender” may thus successfully put forward a case that the content of A is a deep fake, whereas in reality the image A is genuine.

Consider second false positive example. Suppose that an image A genuine and not a deep fake. Suppose further that a defender successfully generates by means of artificial intelligence (AI) algorithm, an alleged “source” image B, which has content overlapping with A, but semantically conveys a different meaning (e.g., the same person X shakes hands with person Y as opposed to person Z). In reality, image B is a deep fake. Image B is created using an ML algorithm and a number of ML models for the description of the entities involved (e.g., faces, voices, people, buildings etc.). The defender successfully makes a case that some of the content of A was copy-pasted from the alleged source B or inserted using a range of valid transformations. In this case A is shown to be synthetic (a deep fake), even though it is not.

Now consider a first false negative scenario. Suppose that an image A is a deep fake. Specifically, it is synthetically generated using simple transformations from a source image B. A “defender” may present the true source image B from which some of the content was copy-pasted or extracted using a range of valid transformations. An “offender”, however, may make a case that the true source B is also a deep fake by presenting an ML algorithm and a set of ML models that synthetically generate the content of true source image B, thus falsely indicating that the true source image B is a deep fake.

Now consider a second false negative scenario. An image may be a deep fake. A “defender” presents the true source image “B” from which some of the content was copy-pasted or extracted using a range of valid transformations. An “offender” produces additional content (e.g., audio files, video files, etc.) all of which are synthetically generated, and which the offender claims as original, that are semantically linked with the deep fake image and indicates falsely that it is a valid image.

As such, there may be significant difficulty in detecting deep fakes. The examples above indicate that as AI and/or ML algorithms evolve and result in more convincing synthetic content, the more difficult it is to detect deep fakes. For example, an average person would be unable to detect a deep fake in a practical manner.

Turning now to FIG. 6G, a performance enhanced computing architecture 3400 is shown. Some embodiments relate to a concept, schematics and functionality of a “Distributed Trustworthiness Record” (DTR) 3404, which is a data structure that may be used by rating agency 3408 to compute trustworthiness scores for content 3402. The content 3402 may be any type of content, such as video, audio, etc.

A plurality of applications 3406 (e.g., different sources) may enter claims into the DTR 3404. For example, a first application 3406 a may enter a claim into entry 1 3404 a, a second application 3406 b may enter a claim into entry 2 3404 b, a third application 3406 c may enter a claim into entry 3 3404 c, and an N application 3406 n may enter a claim into entry N 3404 n. Thus, the DTR 3404 may include a plurality of claims from various application 3406 (e.g., different sources of analysis).

Notably, some of the claims may not be consistent with each other. For example, the first application 3406 a may enter a claim that states that the content 3402 is a deep fake, while the third application 3406 c may enter a claim that indicates that the content 3402 is genuine. Each of the claims however may include an indication of whether the content 3402 is fake or genuine, and how the indication was reached. The rating agency 3408 may analyze the claims and output a trustworthiness score that corresponds to whether the content 3402 is genuine or fake.

If there are conflicting “opinions” about content 3402, they are all inserted in the DTR 3404 and the rating agency 3408 (e.g., an ML algorithm) analyzes the claims (including the conflicting claims) for a score computation that generates a trustworthiness score. Thus, the DTR 3404 allows the plurality of applications 3406 (e.g., defenders) to place suggestions for the true source of a content 3402 together with the list of suggested transformations (e.g., machine algorithms) that produced the content.

In some embodiments, the DTR 3404 may be completely distributed (e.g., a distributed ledger provided across a plurality of nodes) or a centralized data structure. The term “distributed” in the name DTR 3404 refers to the notion that the DTR 3404 may be accessed by multiple parties for inputting claims and/or analyzing claims. In some embodiments, the DTR 3404 and/or the rating agency 3408 may implement access control functions and access control policies when accessing the DTR 3404. DTR 3404 may be accessed by the rating agency 3408, or in some embodiments, a plurality of rating agencies.

The rating agency 3408 may be a ML algorithm and/or other evaluation algorithms. The rating agency 3408 may inspect the entries 1-N 3404 a-3404 n of the DTR 3404 and compute a trustworthiness score for the content 3402. The trustworthiness score may correspond to whether the content 3402 is real or a deep fake.

In some embodiments, when one application of the plurality of applications 3406 inserts a claim into the DTR 3404, the one application may also be required to provide a ML model that generated the analysis (e.g., real or deep fake), an algorithm that was used in the analysis of the content 3402, a code that implements aspects of the analysis of the content 3402, the analysis (e.g., whether real or deep fake) of the content 3402, and a date and duration of any related experiment (e.g., an experiment may include a set of transformations [legitimate or malicious] applied on an original image to convert it to the one that is being classified). Training data may also be provided in some embodiments as part of the claims. Algorithms involved in any experiment described in the claim and a corresponding entry of the DTR 3404 may include non-ML algorithms performed on image data such as translation operations, rotation operations, scaling operations, lighting operations, color correction operations, sharpening operations, blurring operations to determine whether the content 3402 is genuine or fake. Some embodiments may further include ML algorithms used to analyze the content 3402 such as synthetic generation based on deep neural networks (DNNs), generative adversarial networks (GANs) etc. to determine whether the content 3402 is genuine or fake.

An example of entry 1 3404 a (e.g., first claim) is shown in more detail. Claim 1 suggests that an image of the content 3402 is a fake (e.g., specifically “copy-pasted” from some source). There is a link to an original source with a valid list of non-ML transformations, indicating how the content extraction was executed.

An example of the entry 2 3404 b (e.g., second claim) suggests that the image is original. Further entry 2 3404 b may include a link to an ML algorithm (e.g., a reproductive algorithm) and model capable of reproducing the alleged “source” of entry 1 3404 a (e.g., claim 1) synthetically.

An example of the entry 3 3404 c suggests that the image of the content 3402 is a deep fake. Entry 3 3404 c includes a link to an ML algorithm and model, capable of reproducing the image of the content 3402 synthetically.

An entry N 3404 n, which is the last entry in the DTR 3404, suggests that the image is original. Entry N 3404 n includes is a link to an audio file independently recorded that semantically conveys the same information as the image.

All data in entry 1 3404 a-entry N 3404 n (e.g., the analysis, the algorithms, the suggested durations and the nature of claims) are evaluated by the rating agency 3408. In some embodiments, the rating agency 3408 is one of a heuristics-based on an ML algorithm, and returns the trustworthiness score for the content 3402. In some embodiments, the evaluation by the rating agency 3408 may include a human input (e.g., adjustment of an algorithm, etc.) as well.

The rating agency 3408 includes a GPU 3408 a that may execute a neural network or deep learning process. In some embodiments, the rating agency 3408 evaluates all claims contained in the DTR 3404 to determine a trustworthiness score. In some embodiments, the rating agency 3408 is completely automated. In some embodiments, an action may automatically be executed based on the trustworthiness score. For example, if the content 3402 relates to a biometric authentication (e.g., voice, audio, fingerprint, facial recognition, etc.) of a user. If the trustworthiness corresponds to a deep fake, further authentications may be executed to confirm if the user is genuine, and/or blocking the user from accessing certain functions associated with a computing device.

FIG. 6H illustrates an entry 3420 in a DTR. The entry 3420 may correspond to any of the aforementioned entry 1 3404 a-entry N 3404 n (FIG. 6G) already discussed. The entry 3420 may include a claim summary 3420 a (e.g., whether content is a deep fake or genuine). The claim summary 3420 a may be encoded. The entry 3420 may include an algorithmic information 3420 b (e.g., an algorithm used in the analysis, for example reproducing the content or confirming the authenticity of the content, an ID of the algorithm, type of algorithm, and a link to the code of the algorithm). The entry 3420 may include supporting data 3420 c (e.g., image, audio, ML models), training data 3420 d, a date 3420 e that the analysis was conducted, a proof of work 3420 f (e.g., provides a fair mechanism for accessing the ledger allowing all opinions to be inserted) and a cryptographic authentication 3420 g.

In some embodiments, the more original (e.g., unique) the supporting content 3420 c, the more computationally difficult it is to dispute the supporting content 3420 c. For example, it may be difficult to show that the supporting content 3420 c is the result of an expensive ML computation. In such cases, a rating agency may identify that the entry 3420 is associated with a correct analysis and weight the entry 3420 with an increased weight when computing the trustworthiness score.

In some embodiments, the difficulty of a cryptographic puzzle may be a function of the ML computing capability indicated in the claims. If an entity is capable of making claims by producing synthetic images, the proof of work 3420 f required for inserting content in the ledger at entry 3420 for this entity should be higher

FIG. 6I illustrates a method 3500 to enter data into a ledger. The method 3500 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 3400 (FIG. 6G) already discussed. More particularly, the method 3500 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 3502 receives a first claim from a third-party. The claim may be associated with content. Illustrated processing block 3504 determines if the third-party has already submitted a claim. If so, illustrated processing block 3506 determines if the requirements for re-entry have been met. Illustrated processing block 3506 may prevent entities from dominating the ledger with claims biased toward one specific way of perceiving the content (e.g., fake or not). For example, the requirements may include a greater proof of work, whether a time difference between the submitted claim and the first claim meets a threshold, etc. If the requirements have been met, illustrated processing block 3510 enters the first claim into the DTE. Otherwise, processing block 3508 bypasses entry of the claim.

Method 3500 may be applicable for a centralized data repository (DB). In case of a distributed ledger, some embodiments may accept repeating entries from the same entity. A rating agency, such as rating agency 3408 of FIG. 6G, may include logic that counts only the latest claim form every party in the event that the distribute leger is a centralized data repository.

Unified Platform Memory Encryption (FIGS. 7A-7D)

Some embodiments share cryptographic logic between a CPU and platform accelerators. For example, a computing architecture 1150 illustrated in FIG. 7A may reduce computing resources, power usage and area size while enforcing trust domain boundaries. The computing architecture 1150 may include accelerators 1152 that include first accelerator 1152 a-fourth accelerator 1152 d. The accelerators 1152 may be specialized accelerators for different applications, such as deep learning, GPU accelerator, or may be general accelerators. Each of the accelerators 1152 may be specialized for a different purpose. The accelerators 1152 may require cryptographic protection of data stored in memory 1174 for secure usages (e.g., multi-tenant situations, virtual machines operating concurrently, protected content such as digital rights management (DRM)). Hence, some embodiments include cryptographic support at a reduce hardware cost size and enhanced efficiency.

For example, rather that providing the desired cryptographic support within each of the accelerators 1152, some embodiments include a centralized converged cryptographic engine (CCE) 1160 and a secure path between the accelerators 1152 and the CCE 1160. For example, a CPU 1162 and any other elements outside of a trust computing base (TCB) associated with the accelerators 1152 may not have access to the path between the CCE 1160 and the accelerators 1152 to enhance security. In such a manner, unencrypted data between the accelerators 1152 and CCE 1160 may not be intercepted and read by compromised hardware such as the CPU 1162. Thus, some embodiments may enhance security while reducing the size for executing cryptographic operations of the accelerators 1152. For example, if each of the accelerators 1152 included separate encryption hardware, the size (e.g., number of gates) may substantially increase resulting in increased power consumption and cost. The addition of further security properties (e.g., integrity and replay protection), may add significantly to the overall area and/or power and the effect may be amplified with the same logic getting replicated across various accelerators 1152. As such, some embodiments include a centralized CEE 1160.

Thus, some embodiments include a method and apparatus to unify the cryptographic support for the accelerators 1152 using the CCE 1160. The CCE 1160 is interposed on the memory path between the memory 1174 and the accelerators 1152 to encrypt and decrypt data.

For example, a trusted execution environment (TEE) 850 and/or any other secure element (e.g., Basic Input/Output System and/or Unified Extensible Firmware Interface) of the architecture 1150 may partition keys 852 (e.g., a KeyID partitioning scheme) to create a first key domain 1148 a (e.g., encryption keys) and a second key domain 1148 b (e.g., encryption keys). In some embodiments, the TEE 850 further assigns keys to the CPU 1162. Moreover, some embodiments may permit a centralized update to the CEE 1160 rather than requiring a plurality of distributed crypto engines to be updated.

For example, the TEE 850 may implement a key partitioning scheme to partition the keys between different trust domains. The TEE 850 may generate the first key domain 1148 a for a first trust domain, and the second key domain 1148 b for a second trust domain. The first trust domain may include the first and second accelerators 1152 a, 1152 b, while the second trust domain may include the third and fourth accelerators 1152 c, 1152 d. While the first and second trust domains are shown as distinct from each other, in some embodiments the first and second trust domains may overlap. For example, the one or more of accelerators 1152 may each include a first plurality of intellectual property (IP) cores (e.g., reusable unit of logic or functionality or a cell or a layout design) that are in the first trust domain, and a second plurality of IP cores in the second trust domain.

In some embodiments, a single IP core of the accelerators 1152 may be in both the first and second trust domains to process data for both the first and second trust domains. In such embodiments, the CCE 1160 may process data from the single IP core based on an indication of whether the data is associated with the first or second trust domain. The indication may be inserted by the IP core and/or implicit in the data itself based on associated address ranges or other identifiers. While IP core is referenced above, it is to be understood that execution units and/or other cores are similarly included.

The CCE 1160 may isolate key usage between the first and second trust domains, and the CPU 1162. For example, keys of the first key domain 1148 a may not be used to encrypt data of the second domain or the CPU 1162, and keys of the second key domain 1148 b may not be used to encrypt data from the first trust domain or the CPU 1162. Thus, data of a respective trust domain may only be encrypted according to keys assigned to the respective trust domain. In this example, data of the first trust domain may only be encrypted according to keys in the first key domain 1148 a, while data of the second trust domain may only be encrypted according to keys in the second trust domain.

For example, the CCE 1160 and/or TEE 850 may actively block other hardware elements from accessing and/or using keys associated with different trust domains that the hardware does not belong within. In one example, the TEE 850 may block access to one or more keys in the first or second key domains 1148 a, 1148 b, by the CPU 1162 through allocation of the keys to the first and second trust domains, and to bypass allocating the keys to the CPU 1162. Thus, the CPU 1162 is effectively blocked from decrypting data associated with the first and second trust domains in the memory 1174 and may only see ciphertext since the CPU 1162 does not have access to the keys.

In some embodiments, the CCE 1160 and/or the TEE 850 may include an access control scheme that is implemented by embodiments to prevent the CPU 1162 from using keys that are dedicated to the first and second trust domains, such as the first key domain 1148 a and the second key domain 1148 b respectively. Access control may be supported by two access control mechanisms preventing the CPU 1162 from programming a first key domain 1148 (e.g., GFx KeyID) and controlling certain commands from the CPU 1162 (e.g., key programming instruction, PCONFIG, fails if software attempts programming a graphics key). In some embodiments, a hardware element may check that the KeyID of a request from the CPU 1162 does not fall in the first key domain 1148 range or second key domain 1148 b range to block the CPU 1162 from accessing unauthorized keys.

In this example, the first and second accelerators 1152 a-1152 b are part of the first trust domain (e.g., a first power constrained part such as a PC, etc.), and the third and fourth accelerators 1152 c, 1152 d belong to a second trust domain (e.g., a power constrained part such as a PC, etc.). The CPU 1162 may be part of a third trust domain (e.g., a host operating system, a third virtual machine, etc.) that is allocated a key domain (not illustrated) as well for encryption by the CEE 1160. The CCE 1160 may receive data from the first and second trust domains, encrypt the data and provide the encrypted data to the memory controller 1174 a in order to isolate the first and second trust domains from each other and the CPU 1162.

For example, the first accelerator 1152 a may send a first memory write operation and data request operation 1164 to the CCE 1160. The second accelerator 1152 b may send a second memory write operation 1166 to the CCE 1160. The third accelerator 1152 c may send a third memory write operation 1168 to the CCE 1160. The fourth accelerator 1152 d may send a fourth memory write operation 1170 to the CCE 1160.

The CCE 1160 may receive the requests from the accelerators 1152. The CCE 1160 may identify whether the data originates from the first or second trust domain, and encrypt the data accordingly. For example, the CCE 1160 may identify that the first memory write operation originates from the first accelerator 1152 a and identify that the first accelerator 1152 a is part of the first trust domain. Since the first trust domain is permitted to use keys from the first key domain 1148 a, the CCE 1160 may select one of the keys from the first key domain 1148 a to encrypt data associated with the first memory write operation. Thus, the CCE 1160 may encrypt data from the first accelerator 1152 a with keys from the first key domain 1148 a.

Likewise, the CCE 1160 may identify that the second memory write operation originates from the second accelerator 1152 b and identify that the second accelerator 1152 b is part of the first trust domain. Since the first trust domain is permitted to use keys from the first key domain 1148 a, the CCE 1160 may select one of the keys (e.g., the same key or a different key used to encrypt the data associated with the first memory write operation) from the first key domain 1148 a to encrypt data associated with second memory write operation. Thus, the CCE 1160 may encrypt data from the second accelerator 1152 b with keys from the first key domain 1148 a.

Similarly, the CCE 1160 may identify that the third memory write operation originates from the third accelerator 1152 c and identify that the third accelerator 1152 c is part of the second trust domain. Since the second trust domain is permitted to use keys from the second key domain 1148 b and not the first key domain 1148 a, the CCE 1160 may select one of the keys from the second key domain 1148 b to encrypt data associated with third memory write operation. Thus, the CCE 1160 may encrypt data from the third accelerator 1152 c with keys from the second key domain 1148 b.

Likewise, the CCE 1160 may identify that the fourth memory write operation originates from the fourth accelerator 1152 d and identify that the fourth accelerator 1152 d part of the second trust domain. Since the second trust domain is permitted to use keys from the second key domain 1148 b, the CCE 1160 may select one (the same key or different key used to encrypt the data associated with the third memory write operation) of the keys from the second key domain 1148 b to encrypt data associated with fourth memory write operation. Thus, the CCE 1160 may encrypt data from the fourth accelerator 1152 d with keys from the second key domain 1148 b.

The CCE 1160 may then send first and second memory writes encrypted (e.g., the encrypted data of the first and second memory writes) according to one or more encryption keys of the first key domain 1148 a, 1176 to the memory controller 1174 a. The memory controller 1174 a may store the encrypted data of the encrypted first and second memory writes in the memory 1174. The CCE 1160 may then send the third and fourth memory writes encrypted (e.g., the encrypted data of the third and fourth memory writes) according to one or more encryption keys of the second key domain 1148 b, 1178 to the memory controller 1174 a. The memory controller 1174 a may store the encrypted third and fourth memory writes in the memory 1174.

As already described, the first accelerator 1152 a may also issue a data request to the CCE 1160 during operation 1164. The CCE 1160 may serve as an intermediary between the accelerators and the memory 1174, and as such request the data 1182 from the memory controller 1174 a on behalf of the first accelerator 1152 a and in response to the data request from the first accelerator 1152 a. The memory controller 1174 a may retrieve the data from the memory 1174 and send the encrypted data in response to the data request 1184. The CCE 1160 may identify that the data is associated with the first trust domain, since the first accelerator 1152 a originated the data request and is part of the first trust domain, and decrypt the data based on an encryption key from the first key domain 1148 a. For example, the CCE 1160 may include a data structure identifying a key used to encrypt data associated with the write requests. The data structure may be referenced when data is retrieved from the memory 1174 to identify an encryption key that was used to encrypt the data, and decrypt the data based on the encryption key. Thus, the CCE 1160 may decrypt the data retrieved from the memory 1174 and send the decrypted data 1186 to the first accelerator 1152 a.

In some embodiments, the architecture 1150 may include a bypass path to prevent penalizing other memory traffic when a CCE 1160 (e.g., TME/MKTME) is not enabled. As noted, the CCE 1160 may further decrypt encrypted data from the memory 1174 for the accelerators 1152 based on the lookup table, and an encryption key used to encrypt the data. While the above has been described with respect to accelerators 1152, it is to be noted that the CCE 1160 and/or TEE 850 may operate similarly with other hardware elements, such as CPU 1162, to process encryption of data between different trust domains. Further, to process read requests, aspects of the above process may be reversed as already described to retrieve encrypted data associated with a trust domain of the first and second trust domains, and decrypt the data accordingly. In some embodiments, the CCE 1160 may be a hardware element that is part of a same system-on-chip (SoC) as the accelerators 1152.

It is worthwhile to note additionally, the location of the CCE 1160 may be flexible. For example, in some embodiments the CCE 1160 is separate from the accelerators 1152. In some embodiments, the CCE 1160 may be a part of one of the accelerators 1152 and the other accelerators of the accelerators 1152 may communicate with the CCE 1160 through secured channels.

FIG. 7B illustrates a method 1190 to encrypt data and decrypt data according to various trust domains. The method 1190 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A) already discussed. More particularly, the method 1190 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 1192 partitions keys between trust domains. Illustrated processing block 1194 isolates key accesses between trust domains. Illustrated processing block 1196 receives a data write from a first trust domain of the trust domains. Illustrated processing block 1198 encrypts data associated with the data write with a key that is assigned to the first key domain. For example, the first key domain may be assigned to the first trust domain. Thus, method 1190 may select a key from the first key domain for the data that originates from the first trust domain. Illustrated processing block 800 writes encrypted data to memory. Illustrated processing block 802 receives a data read request from a second trust domain of the trust domains. Illustrated processing block 804 retrieves encrypted data identified by the read request and decrypts the encrypted data according to a key assigned to the second trust domain (different from the key assigned to the first trust domain) and that was used to encrypt the encrypted data. Illustrated processing block 806 sends the decrypted data to the second trust domain.

FIG. 7C illustrates a method 810 of a granular encryption scheme that encrypts data from different cores of an accelerator and/or CPU with different keys based on trust domains. The method 810 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B) already discussed. More particularly, the method 810 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 812 receives a first data access from a first IP from an accelerator. The first data access may be a write operation for first data. Illustrated processing block 814 identifies that the first IP is in the first trust domain. Illustrated processing block 816 encrypts the first data with a key for the first trust domain and stores the encrypted first data. Illustrated processing block 818 receives a second data access from a second IP of the accelerator. The second data access may be a write operation for second data. The first and second IP are on the same accelerator (e.g., a GPU, etc.). Illustrated processing block 820 identifies that the second IP is in a second trust domain. The second trust domain is different from the first trust domain. Illustrated processing block 822 encrypts the second data with second key from the second trust domain and stores the encrypted second data. The above method 810 may be implemented in one or more of the CCE 1160 or TEE 850 (FIG. 7A) to operate in conjunction with a plurality of accelerators each including IP assigned to different trust domains.

FIG. 7D illustrates a method 840 of encrypting data from a same accelerator and/or CPU with different keys based on trust domains. The method 840 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C) already discussed. More particularly, the method 840 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 842 identifies data accesses from an accelerator. Illustrated processing block 844 identifies that the accelerator is in a plurality of trust domains. Illustrated processing block 846 identifies a tag associated with the data identifying a first trust domain of the plurality of trust domains. Illustrated processing block 848 encrypts data associated with the data with a key for the first trust domain. The above method 840 may be implemented in one or more of the CCE 1160 or TEE 850 (FIG. 7A) to operate in conjunction with a plurality of accelerators each operating within different trust domains.

Cryptographic Per Object Shared Virtual Memory Model for CPU/GPU Security (FIGS. 7E-7I)

Some embodiments may relate to a GPU and a CPU sharing data objects, such as HEAP data objects (e.g., a malloc associated object), and cryptographically defining bounds and security enforcement through cryptographic processes. Some embodiments further prevent use after freeing data objects, by binding encoded cryptographic address (e.g., pointer related data) with data encryption at a core and/or execution unit execution pipeline.

Some other implementations may rely on coarse grain security to encrypt just memory (e.g., address space separation such as in processes and/or virtual Machines, TEE) and may not granularly vary encryption based on a per object basis. Other implementations that operate at a finer granularity may be inefficient and introduce excessive metadata. For example, a metadata “wall” may include additional overhead for every granular memory access.

Turning now to FIG. 7E, a granular encryption process 3100 may mitigate software and/or hardware based vulnerabilities with an encryption scheme that may vary per object while avoiding excessive metadata. For example, some embodiments may employ a two part encryption process to firstly encrypt a virtual address, and then further encrypt data associated with the virtual address based on the encrypted virtual address (e.g., a shared virtual address scheme which permits sharing of objects between CPU and GPU). Doing so may enhance security at a relatively low cost by requiring an actor to have access to the encrypted virtual pointer and the encrypted data in order to successfully access decoded data.

In some embodiments, the CPU may encrypt data and virtual addresses in a process specific manner. For example, a first process may have data and virtual address encrypted according to a first key, a second process may be encrypted according to a second key, etc. The tweaks however may vary as indicated below.

As shown, a first encrypted virtual address 3138 is provided. For example, a CPU may encrypt a virtual address (e.g., a pointer) according to a key and a tweak based on the virtual address (e.g., fields such as address bits, object characteristics such as size, type, location, ownership, access control, permissions, stack location, data binding, etc.) to generate the first encrypted virtual address 3138. The CPU may share with an authorized actor 3120 (e.g., a GPU) the key and the tweak used to encrypt the virtual address to generate the first encrypted virtual address 3138 or generate an encrypted portion of virtual address 3138.

The first encrypted virtual address 3138 may be a ciphertext of the virtual address. As illustrated, the authorized actor 3120 (e.g., the GPU) may access the first encrypted virtual address 3138. The authorized actor 3120 may decrypt the address 3116 with a first key so that the first encrypted virtual address 3138 is decrypted into the first address 3102 (e.g., a virtual address). The first address 3102 may point to the first encrypted data 3124. Notably, the first encrypted data 3124 may still be encrypted. The authorized actor 3120 may correctly decrypt the first encrypted data 3124 based at least on the first encrypted virtual address 3138, 3110 to generate decrypted data 3108 (e.g., a data object). For example, the first encrypted virtual address 3138 may be used as a tweak and/or a decryption key in the decryption of the first encrypted data 3124.

In some embodiments, the first encrypted data 3124 may also be decrypted based on the first key and/or the tweak described above to encrypt the first encrypted virtual address 3138. In some embodiments, the key used to encrypt the first encrypted data 3124 may be different from the key used to encrypt the first encrypted virtual address 3138. For example, a decryption engine may implement a decryption process based on the key and one or more values of the first encrypted virtual address 3138.

A first unauthorized actor 3118 (e.g., a software program) may also decrypt address 3114 into the second address 3104 (e.g., a virtual address). That is, the first unauthorized actor 3118 may incorrectly decrypt the first encrypted virtual address 3138 to the second address 3104 since the first unauthorized actor 3118 is unaware of the key and/or tweak used to encrypt the first encrypted virtual address 3138. That is, the first unauthorized actor 3118 may not have access to the first key to properly decrypt the first encrypted virtual address 3138 to the proper address, which in this example is the first address 3102. Thus, the first unauthorized actor 3118 may decrypt the first virtual address 3138 improperly to the second address 3104, which points to the second encrypted data 3122.

The second address 3104 may point to the second encrypted data 3122. The first unauthorized actor 3118 may incorrectly decrypt the second encrypted data 3122, 3112. For example, the first unauthorized actor 3118 may not have access to the key that was used to encrypt the second encrypted data 3122 and/or a second encrypted virtual address that corresponds to (e.g., points to) the second address 3104. For example, the CPU may have encrypted the second address 3104 to the second encrypted virtual address. One or more values of the second encrypted virtual address may have been used to encrypt the second encrypted data 3122, and may be necessary for proper decryption of the second encrypted data 3122. The first unauthorized actor 3118 however may have identified the second address 3104 based on the first encrypted virtual address 3138 and not the second encrypted virtual address, and thus be unable to decrypt the second encrypted data 3122. As such, the first unauthorized actor 3118 may incorrectly decrypt the second encrypted data 3112 to generate inaccurate data 3106, thereby being blocked from identifying useful data through the two-part decryption described above.

A second unauthorized actor 3126 (e.g., a software program) may conduct an attack (e.g., a buffer overflow attack) based on the third address 3128, 3130. For example, the second unauthorized actor 3126 may access a third address 3128 and increment the third address 3128 to reach the first address 3102. As discussed, the first address 3102 corresponds to the first encrypted virtual address 3138. The first address 3102 further points to the first encrypted data 3124. Notably, since the second unauthorized actor 3126 is unaware of the first encrypted virtual address 3138, and particularly the relationship between the first encrypted virtual address 3138 and the first address 3102, the second unauthorized actor 3126 may be unable to properly decrypt the first encrypted data 3124. That is, the first encrypted data 3124 is encrypted according to the one or more values of the first encrypted virtual address 3138. Since the second unauthorized actor 3126 is unaware of the first encrypted virtual address 3138, the second unauthorized actor 3126 conducts a decryption process without the first encrypted virtual address 3138, 3132 and/or the key used to encrypt the first encrypted data 3124. Thus, the second unauthorized actor 3126 may generate inaccurate data 3134.

Thus, process 3100 may permit accesses by authorized actor 3120. The first unauthorized actor 3118 and the second unauthorized actor 3126 may be blocked. Notably, process 3100 may execute for each object in a HEAP. Further, while it is described that the CPU encrypts data, some embodiments may include the GPU encrypting data and sharing key with the CPU. Some embodiments may also relate to cryptographic computing (e.g., cryptographic capabilities).

Some embodiments share cryptographic pointers/data across resources. The illustrated approach uses shared virtual memory (SVM) to have a common addressing model. Pointers (linear addresses) are then shared between CPU, GPU, VPU, etc. Additionally, pointers (e.g., virtual addresses) are cryptographically encoded and a tweak key is used to decrypt encrypted data. Pointers encode power of two bounds and a version used to encrypt every object uniquely from every other spatially and temporally. Keys may be associated with page tables or contexts for shared virtual memory, such that switching page tables or contexts will also switch the corresponding keys used to encrypt the pointers and data for different contexts or page table mappings.

FIG. 7F illustrates a method 3000 of decrypting data with a GPU. The method 3000 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 3100 (FIG. 7E) already discussed. More particularly, the method 3000 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 3002 decrypts an encrypted memory address (e.g., virtual address). The decryption may execute with a tweak of the memory address, and an encryption key. The encrypted memory address may be a pointer, and cryptographically encodes an object size and/or location. A CPU, which encrypted the memory address may provide the tweak and the key to the GPU. Illustrated processing block 3004 loads ciphertext from the decrypted memory address. Illustrated processing block 3006 deciphers the ciphertext based on the encrypted memory address. In some embodiments, illustrated processing block 3006 further deciphers the ciphertext based on an encryption key with the encrypted memory address service as a tweak (e.g., encrypt the address-based tweak with the key to generate a keystream that is XORed with the ciphertext data for that address to reveal the plaintext data). Illustrated processing block 3008 executes an operation based on the decrypted data.

Method 3000 may execute without additional registers and/or cache, additional memory overhead (e.g., tables), and without added additional loads/stores. Method 3000 may further flexibly mitigate evolving threats with little to no performance impact and minimal recoding recompilation. It is worthwhile to note that as more attributes of the virtual address are used as a tweak to encrypt the virtual address (e.g., address bits, object data such as size, type and location, ownership, access control, permissions, etc.), strength of the encryption may increase.

FIG. 7G illustrates an encryption and decryption process 3200 that may be implemented with a GPU. Process 3200 may implement aspects of and/or be incorporated into any of the embodiments described herein, including process 3100 (FIG. 7E), and method 3000 (FIG. 7F). A cryptographic address (CA) 3202 is illustrated. The size information 3202 a may identify a size of a number of tweak bits that are to be used for decryption. The size information 3202 a may indicate the number of bits from the first address bit 3202 c and onward (e.g., unshown address bits), that are to be used for the tweak 3214. In some embodiments, the tweak 3214 does not include the bits used for pointer arithmetic, which is the N addressing bit 3202 n in this example. In some embodiments, pointer arithmetic may traverse through the first address bit 3202 c-N addressing bit 3202 n. The process 3200 may provide a key 3206 (e.g., from a CPU), that was used to encrypt the cryptographic address 3202, to the decryption engine 3210 (e.g., a k-cipher). The process 3200 may also provide the CA 3202, 3208 to the decryption engine 3210. Decryption engine 3210 may output the decryption 3212 as the decrypted linear address 3216.

The decrypted linear address 3216 corresponds (e.g., points to) to HEAP object 3218 which is stored in the 128B slot. The process 3200 retrieves the ciphertext 3220 of the HEAP object 3218 and provides the ciphertext to the cryptographic engine 3222. The cryptographic engine 3222 (e.g., Gimli) may receive a tweak 3204, for example a different tweak provided to the decryption engine 3210, to execute decryption of the ciphertext. The tweak may be the entire CA 3202. The cryptographic engine 3222 may also receive a key 3224, for example the same or a different key provided to the decryption engine 3210. The cryptographic engine 3222 may decrypt the ciphertext to generate plaintext data 3226. The GPU may then execute operations with the plaintext data.

In some embodiments, process 3200 may be executed by a GPU. Notably, since the GPU may generate the decryption engine (e.g., set up) and the cryptographic engine 3222 in parallel. For example, since the cryptographic engine 3222 does not need the decrypted linear address 3216 for decryption, the cryptographic engine 3222 may be initiated when the CA 3202 is identified to thereby reduce loading and initiation (e.g., configure configurable hardware logic).

FIG. 7H illustrates a cryptographic cache with a cryptographic diffusion and confusion 2580 with a comparison to adversary types. Embodiments of FIG. 7H may implement aspects of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G).

FIG. 7I illustrates a sharing cryptographic pointer data and/or across resources diagram 2584. Diagram 2584 may implement aspects of process 3100 (FIG. 7E), method 3000 (FIG. 7F), and process 3200 (FIG. 7G) and cryptographic diffusion and confusion 2580 (FIG. 7H). For example, some embodiments use a shared virtual memory (SVM) to have common address model. Some embodiments also include pointers (e.g., linear addresses) that are then shared between various units such as the CPU, GPU, VPU, etc. Some embodiments further include pointers that are cryptographically encoded and used a tweak key to decrypt encrypted data. Furthermore, some embodiments include pointers that encode power of two bounds and version used to encrypt every object uniquely from every other object both spatially and temporally.

Roots-of-Trust (RoT) in GPU Compute Engines (FIGS. 8A-8D)

A root-of-trust (RoT) in a graphics processing unit (GPU) may include reliable hardware, firmware, and/or software components that execute security functions. The RoT may be inherently trusted, and thus must be secure by design. Therefore, some RoTs are implemented in hardware so that malware cannot tamper with the functions they provide. Thus, RoTs may reliably affirm security boundaries between different tenants. For example, each tenant may verify the security status of a GPU to verify that the GPU is not compromised prior to executing a workload by another tenant and/or a malware.

In detail, FIG. 8A may illustrate a tenant-based processing environment 700 in which a GPU 736 may execute operations on behalf of a tenant 714. While one tenant 714 is illustrated, it will be understood that the GPU 736 may support multiple tenants concurrently, with each tenant verifying the security of the GPU 736 as outlined below to verify that the GPU 736 is not compromised (e.g., physically modified and/or compromised by another tenant). The GPU 736 may include a plurality of GPU compute engines 702 that include first compute engine-N compute engine 702 a-702 n. The first compute engine-N compute engine 702 a-702 n may become attack engines if compromised. Thus, in some embodiments, the first compute engine-N compute engine 702 a-702 n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may be designed with a “RoT” hardware for generating attestable identity and boot integrity information (e.g., claims).

For example, each of the first compute engine-N compute engine 702 a-702 n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 (e.g., various engines) may have a RoT in hardware or has an isolated execution environment where the environment resources (e.g., compute, memory, storage, I/O, etc.) are partitioned by a RoT such as Trust Domain Extensions, Software Guard Extensions, a hypervisor, a resource manager (e.g., Resource Director Technology (RDT)). Each isolated execution, such as the first compute engine-N compute engine 702 a-702 n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 (e.g., various engines), may have firmware that is loaded and may have keys or seeds for generating keys provisioned and where the loading/provisioning of these values may be derived from a primitive hardware RoT. The intermediate layering of first compute engine-N compute engine 702 a-702 n, GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may follow the conventions outlined by the DICE layering specification (e.g., a Trusted Computing Group (TCG)).

The first compute engine-N compute engine 702 a-702 n may both attest and verify integrity state of peer engines 748 and other engines of the first compute engine-N compute engine 702 a-702 n before performing pipelined operations. For example, some embodiments may be augmented with the peer engines 748 that are peer compute engines. The GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 may further attest and verify integrity of each other as will be explained below prior to executing pipelined operations as well.

Some embodiments further include peer engines 478. The peer engines 278 may be separated from the GPU 736, but be in communication with the GPU 736 (e.g., on a same SoC or computing device). One such example of the peer engines 748 may include a Smart network interface card (NIC) that is a NIC that offloads processing tasks (e.g., encryption/decryption, firewall, etc.) that the system a central processing unit may normally handle. Other examples of the peer engines 748 include central processing units, remote nodes, microprocessors, trust domain extensions, and/or Software Guard Extensions. Thus, the peer engines 748 may further participate towards both verifying and attesting RoT context for a better confidential and secure computing capability.

The GPU 736 may be partitioned into finer granularity “lanes” (e.g., including memory, core/core slice, cache and storage resources). Per slice attestation and identity keys may be derived and/or rolled-back according to an elastic compute paradigm. For example, Device Identifier Composition Engine (DICE) layering may include fan-out for seeding key derivation functions. Such attestation and identity key may aid in identifying devices that may be trusted (e.g., uncompromised by physical attacks or otherwise).

As illustrated in FIG. 8A, a GPU RoT 704 (e.g., a hardware device) may include a RoT attestation environment 704 a. The GPU RoT 704 may be resistant to physical attacks. Thus, security may be premised on the GPU RoT 704 having the ability to attest and verify a first target environment 706. The RoT attestation environment 704 a may collect claims 716 from the first target environment 706. For example, the RoT attestation environment 704 a may measure software and/or physical characteristics of the first target environment 706.

The claims of the first target environment 706 may be attestable identity information, such as hardware and/or software measurements of the first target environment 706. For example, the GPU RoT 704 may identify, measure and/or receive hardware and software status of the first target environment 706 and report the measurements as first evidence (e.g., a hash function of the measurements that is signed with a private key and/or a certificate). Doing so may enable remote attestation of supported system events, (e.g., a software chain of trust), but may also support the management of platform-specific configuration and status events such as, for example, platform capabilities, execution modes, and platform security policies.

The GPU RoT 704 may further send a key seed and first evidence 718 (e.g., collected claims and/or a signed certificate) of the first target environment 706 to the first target environment 706. The first evidence may include a certificate that is signed by the GPU RoT 704 with a RoT identity key (e.g., private encryption key) to attest to the security of the first target environment 706. That is, the RoT attestation environment 704 a may attest to the hardware and/or software for first target environment 706. The key seed may be based on various values associated with the first target environment 706 (e.g., hash values of software and/or hardware measurements) and an input entropy (e.g., unique device secret). For example, the input entropy may be modified based on the hash values. In some embodiments, the key seed may be randomized based on various inputs.

In some embodiments, the RoT attestation environment 704 a further determines the RoT identity key for the RoT attestation environment 704 a based on the input entropy but not the various values of the first target environment 706 to ensure that the RoT identity key of the RoT attestation environment 704 a is not duplicated on the first target environment 706. The input entropy may be implemented by a physically unclonable fuse that is physically tamper resistant such that if a third-party probes or attempts to read the value in the physically unclonable fuse, the value of the physically unclonable fuse is erased. The GPU RoT 704 would then cease to operate correctly (e.g., fail to properly authenticate and generate keys for signing) to alert tenants that the GPU RoT 704 is compromised.

The first target environment 706 (e.g., a firmware and/or bring-up software) may further include a first attestation environment 706 a (e.g., a RoT hardware). The first attestation environment 706 a may generate a key (e.g., a first identity key that is an encryption key) based on the key seed received from the GPU RoT 704, and collect claims 720 of the second target environment 708 (e.g., a GPU resource manager). For example, the first attestation environment 706 a may read a memory of the second target environment 708 to collect the claim 720.

The claims may be hardware and/or software measurements of the second target environment 708. The first attestation environment 706 a may identify (e.g., read a memory) the claims of the second target environment 708, verify the claims and generate a key seed. The first attestation environment 706 a may generate a certificate attesting to the claims of the second target environment 708 that is signed with the first identity key. The first attestation environment 706 a may generate second evidence (e.g., a hash function of the measurements that is signed with first identity key and/or a certificate). Second evidence may include the certificate generated by the first attestation environment 706 a and/or a hash of the claims of the second target environment 708. The first attestation environment 706 a may send the key seed and the first and second evidence 722 to the second target environment 708. Thus, the second evidence may include a hash of the measurements associated with the second target environment 708 and/or a certificate that is signed by the first attestation environment 704 a with the first identity key to attest to the security of the second target environment 708.

The first attestation environment 706 a may generate the key seed based on an entropy source (e.g., a composite device identifier (CDI) function that corresponds to a set of data used to identify the software running on a system that was used to generate this data) and various values associated with the second target environment 708 (e.g., hash values of software and/or hardware measurements) to randomize the key seed. For example, example, a cryptographic digest of the associated software/firmware may be used as a class identifier (e.g., CDI) of the targeted environment. In some embodiments, the composite device identifier function may generate a value based on the key seed from the RoT attestation environment 704 a, and the value may be used to generate the key seed for the second target environment 708 along with the various values associated with the second target environment 708. The key seed may be the output of a one-way function (e.g., hash) that combines a digest of the firmware, firmware initialization values, an entropy source (e.g., CDI), and key disambiguation values. The seed may be used to generate asymmetric or symmetric keys. Thus, the key seed from the RoT attestation environment 704 a may be used to generate the first identity key for the first attestation environment 706 a and the key seed for a second attestation environment 708 a. The key seed generated by the first attestation environment 706 a may be unique and different from the key seed generated by the RoT attestation environment 704 a to ensure that RoT and first identity keys are unclonable.

The second target environment 708 may include the second attestation environment 708 b (e.g., a RoT hardware). The second attestation environment 708 a may collect claims (e.g., hardware and/or software measurements) of a third target environment 712 (e.g., a GPU compute engine manager). The second attestation environment 708 b may generate a key (e.g., a second identity key that is an encryption key) based on the key seed received from the first attestation environment 706 a. In some embodiments, to collect claims 724, the second attestation environment 708 a may read a memory of the third target environment 712.

The claims may be hardware and/or software measurements of the third target environment 712. The second attestation environment 708 a may receive (e.g., read a memory) the claims of the third target environment 712, verify the claims and generate a key seed. The second attestation environment 708 a may generate a certificate attesting to the claims of the third target environment that is signed with the second identity key. The second attestation environment 708 a may generate third evidence (e.g., a hash function of the measurements that is signed with the second identity key and/or a certificate). The third evidence may include the certificate generated by the second attestation environment 708 a and/or a hash of the claims of the third target environment 712. The second attestation environment 708 a may send the key seed and the first, second and third evidence 726 to the third target environment 708. Thus, the third evidence may include a hash of the measurements associated with the third target environment 712 and/or a certificate that is signed by second attestation environment 708 a with second identity key to attest to the security of the third target environment 712.

The second attestation environment 708 a may generate the key seed based on an entropy source (e.g., a composite device identifier function that corresponds to a set of data used to identify the software running on a system that was used to generate this data) and various values associated with the third target environment 712 (e.g., hash values of software and/or hardware measurements) to randomize the key seed. In some embodiments, the composite device identifier function may generate a value (also known as the CDI) based on the key seed from the first attestation environment 706 a, and the value may be used to generate the key seed for the third target environment 712 in conjunction with the various values of the third target environment 712. Thus, the key seed from the first attestation environment 706 a may be used to generate the second identity key for the second attestation environment 708 a, and the key seed for a third attestation environment 712 b. The key seed generated by the second attestation environment 708 a may be unique and different from the key seed generated by the RoT attestation environment 704 a and the first attestation environment 706 a to ensure that the RoT, first and second identity keys are unclonable.

Thus, some embodiments may implement a cascaded key seed generation system. For example, the first target environment 706 creates the CDI for the 2nd target environment 708 and so forth—in a layering model. Alternatively, there may be a composite model where the first target environment 706 creates CDI values for a number of different environment (e.g., the 2nd through n-th environments). The first target environment 706 may add disambiguation values to the CDI for each different environment, such as hashing the position (2|3| . . . |n) with a CDI that is otherwise common across all composted environments. Additionally, the first target environment 706 may manage multiple UDS (unique device secret) values for each composited environment for added security.

The third target environment 712 may further include the third attestation environment 712 b (e.g., a RoT hardware). The third attestation environment 712 b may generate a key (e.g., a third identity key that is an encryption key) based on the key seed received from the second attestation environment 708 a. The third attestation environment 712 b may accumulate the first, second and third evidence, and evidence generated for the first-N compute engines 702 a-702 n. The third attestation environment 712 b may provide the accumulated certificates to requesting parties, such as the tenant 714, to verify the security of the GPU 736.

The third target environment 712 may include an attestation and key manager 712 a that sends different key seeds to the first-N compute engines 702 a-702 n. For example, the attestation and key manager 712 a may send a first key seed 728 to the first compute engine 702 a. The first compute engine 702 a may generate a unique key (e.g., identity key) for communication with the tenant 714 based on the first key seed. The attestation and key manager 712 a may collect first compute engine 702 a claims 734 (e.g., software and/or hardware measurements) as already described to generate evidence for the first compute engine 702 a. In some embodiments, the attestation and key manager 712 a may read memory of the first compute engine 702 a to collect the claims.

For example, the evidence for the first compute engine 702 a may be a hash function of the measurements that is signed with the third identity key and/or a certificate generated by the attestation and key manager 712 a. The evidence may include the certificate generated by the attestation and key manager 712 a and/or a hash of the claims of the first compute engine 702 a. Thus, the evidence may include a hash of the measurements associated with the first compute engine 702 a and/or a certificate that is signed by the attestation and key manager 712 a with the third identity key to attest to the security of the first compute engine 702 a.

The attestation and key manager 712 a may send a second key seed 730 to the second compute engine 702 b. The second compute engine 702 b may generate a unique key (e.g., an identity key) for communication with the tenant 714 based on the second key seed. The attestation and key manager 712 a may collect second compute engine 702 b claims 736 (e.g., software and/or hardware measurements) to generate evidence and similarly to as described herein.

Further, the attestation and key manager 712 a may continue similar to the above with each compute engine 702 a-702 n until the N compute engine is reached. The attestation and key manager 712 a may send an N key seed 732 to the N compute engine 702 n. The N compute engine 702 n may generate a unique key for communication with the tenant 714 based on the N key seed. The attestation and key manager 712 a may collect N compute engine 702 n claims 738 (e.g., software and/or hardware measurements) to generate evidence and similarly to as described herein.

Each of the first-N key seeds is unique (having been augmented with a disambiguation value for each tenant environment instance), establishing unique identity keys for the environment. Additional keys may be derived from the specific environment of the GPU RoT 704, first target environment 706, second target environment 708 and third target environment 712 (e.g., to support communication). For example, each of the first-N compute engines 702 a-702 n may have generated a different encryption key (e.g., a key used for encryption and for identity verification) for communication with the tenant 714. Thus, if a compromised compute engine of the first-N compute engines 702 a-702 n is compromised, the tenant 714 may bypass interactions with the compromised compute engine. Furthermore, the compromised compute engine may be unable to spoof of mimic other compute engines of the first-N compute engines 702 a-702 n since the compromised compute engine cannot recreate the unique encryption keys used by the other compute engines. That is, the compromised compute engine cannot encrypt and/or sign messages according to another compute engines unique encryption key to prevent the one compute engine from mimicking messages from the another encryption engine without also knowing the unique device secret (UDS) and other disambiguation values. Furthermore, the one compute engine cannot decrypt messages intended for another compute engine since the unique encryption key (which is used for decryption) is unknown to the one compute engine)

The attestation and key manager 712 a may generate evidence (e.g., hashes of the software and hardware measurements) and sign the evidence with a certificate. The attestation and key manager 712 a may send the evidence 724 to the third attestation environment 712 b (e.g., a RoT hardware). The tenant 714 may verify security of the GPU 736 by reviewing the signed certificates and evidence. If a compute engine of the first-N compute engine 702N is identified as being compromised the compute engine may be locked out of workloads by the tenant 714 by avoiding using an encryption key associated with the compromised compute engine. The tenant 714 may then execute a workload on the secure GPU 736.

Thus, some embodiments implement the plurality of compute engines 706 bootstrap with attestable identities and key generation seeds at a tenant-specific granularity (e.g., each tenant can specific different key seeds). Each compute engine of the compute engines 706 may derive additional keys (e.g., per-tenant slice if a resource manager requires finer grained resource partitioning). As resources are reclaimed and/or reallocated, different slice/engine contexts may elastically disappear or reappear. Attestation and key seed contexts may be re-created as needed to support elasticity. Furthermore, in some embodiments the GPU 736, including the compute engines 702, may conduct an attestation process as described above for each tenant that begins to execute on the GPU 736.

As shown in FIG. 8B, an example device architecture 758 (e.g., GPU) layering applied to GPU resources demonstrates how a one-way function (OWF) may be used to derive a key seed for a next layer.

RoT 750 has a first function 750 b (e.g., a OWF) that accepts as input entropy a UDS 750 c (unique device secret) and one or more values from zero layer 752 (e.g., a GPU firmware boot). The values may be identified by the first Trusted Component Identity (TCI) 750 a and may be context information. The values may be hashed.

The output of the first function 750 b may be a key seed for the zero layer 752. The output of the first function 750 b may be provided to a first composite device identifier 752 c that receives the output (e.g., a key seed), and may modify the output A first TCI 752 a may identify values of a first layer 754 (e.g., GPU resource manager) and may be context information. The values may be hashed. A first function 752 b may receive the outputs of the first CDI 752 c and the first TCI 752 a and provide a key seed to the first layer 754. The first layer 754-N layer 756 (e.g., GPU compute engines/lanes) may operate similarly to as described above and in conjunction with other layers (not illustrated).

In some embodiments, each of RoT 750 and the zero-N layers 752-756 may persist rather than being torn down or deactivated during various boot processes, power ups or context switches. Additionally, the RoT 750 and the zero-N layers 752-756 may be isolated from each other to the point where data (e.g., encryption keys and seeds) are securely maintained and not comprised by unauthorized elements of the RoT 750 and the zero-N layers 752-756.

Turning now to FIG. 8C, process 760 illustrates securing trust through interactions between a tenant 762 and a compute engine E1 764. In some embodiments, compute engines and/or lanes, such as the compute engine E1 764, attest to hosting environment security 766 properties and may also supply an engine-specific or lane-specific key wrapping key. The wrapping may be generated based on an encryption seed derived from a Unique Device Secret (UDS) or a Compound Device Identifier (CDI) that contains entropy derived from a UDS value and data from another layer. The wrapping key may be an identity encryption key as described herein. The compute engine E1 764 and any other compute engine in the lane associated with the tenant T1 762 may provision a tenant-specific key-encryption-key (KEK) 768. In some embodiments, the compute engine E1 764 may also verify attestation of tenant T1 762 to ensure that the compute engine E1 764 to enforce security and reduce tampering of the compute engine E1 764 by malicious actors. Tenant T1 762 generates content keys, context encryption keys, encrypted content and/or context, then wraps at least the content encryption key with the KEK for use by the compute engine E1 764.

The compute engine E1 764 may provision the tenant T1 data and context 772. In some embodiments, the compute engine E1 764 may decrypt the encrypted content encryption key with the KEK to decipher the data provided by the tenant T1 762.

Thus, some computer engine environments are elastically formed from a hardware RoT (e.g., UDS/PUFs) where each CE may be specialized according to hosting requirements, AI model provisioning, etc., or may be clones (but distinguishable by instance).

Compute engines, including the compute engine E1 764, may have compute engine-specific identities and keys that attest to security properties and other capabilities to tenants, such as tenant T1 762, or other peers interacting with GPU. In such a case, the peer verifies that the compute engine E1 764 and/or lane environment is suitable for the tenant T1 762 workload/application. The compute engine E1 764 may request tenant T1 762 to attest to ensure tenant identity and context meet minimum security requirements and to establish tenant endpoint context. Additionally, the compute engine E1 764 provisions the KEK (e.g., RSA public key) for the tenant T1 762 to wrap its context and/or content. The KEK may be provisioned (e.g., transmitted to) the compute engine E1 764 after the tenant T1 762 verifies the evidence that the compute engine E1 764 is secure (e.g., reviews attestation data).

The tenant T1 762 provisions tenant data, AI models and workload execution code/context securely using tenant-specific encryption key(s). The compute engine E1 764 unwraps the key and decrypts the context/content to perform the application/workload.

FIG. 8D illustrates a method 780 to securely attest to elements of a graphics processor (e.g., GPU). The method 780 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the environment 700 (FIG. 8A), example device 752 (FIG. 8B) and process 760 (FIG. 8C) already discussed. More particularly, the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 782 transmits, with a first target environment of a plurality of target environments, first key seeds to compute engines of a graphics processor. Illustrated processing block 784 collects claims, with the first target environment, from the compute engines to generate evidence. Illustrated processing block 786 generates, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds. The plurality of target environments may be part of the graphics processor.

In some embodiments, method 780 further includes transmitting, with the plurality of target environments, second key seeds to each other. In some embodiments, method 780 further includes generating, with the plurality of target environments, unique identity keys based on the second key seeds. In some embodiments, method 780 further includes collect, with the plurality of target environments, claims of the plurality of target environments, and generating evidence for attestation based on the claims of the plurality of target environments. In some embodiments, method 780 generates, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments. In some embodiments, method 780 further collects claims, with the RoT hardware, from the second target environment, and generating, with the RoT hardware, evidence based on the claims collected from the second target environment.

Confidential Guest VM Display (FIGS. 9A-9D)

Embodiments as described herein relate to isolation and preservation of confidential data between different systems on a security enhanced computing architecture 900. For example, in FIG. 9A, the computing architecture 900 includes a trusted execution environment 932, a virtual machine manager (VMM) 1008 (e.g., a hypervisor), a host operating system (OS) 926 and confidential guest OS 902.

The VMM 1008 has the ability to create domains, such as the confidential guest OS 902 or other virtual machines, that are sufficiently isolated, permitting computations that are confidential with respect to all other domains on the architecture. Specifically, data of the confidential guest OS 902 (e.g., a virtual machine) is isolated from the host OS 926 (e.g., an ‘open’ domain in client platforms). Such data isolation may be readily enforced as long as the data remains under the control of the confidential guest OS 902. In some cases, however, the data may need to be transferred to the host OS 926 to be under the control of the host OS 926.

For example, the host OS 926 may control an underlying hardware of the computing architecture 900, such as display 948 and/or a GPU (e.g., graphics processor). For example, the host OS 926 may include software that interacts with underlying hardware of the architecture 900. The host OS 926 may operate as a medium between the confidential guest OS 902 and the hardware to execute actions (e.g., input/output actions) on behalf of the confidential guest OS 902. In doing so, malicious actors on the host OS 926 may attempt to access the data of the confidential guest OS 902. In order to mitigate such unauthorized accesses, some embodiments as described herein encrypt the data of the confidential guest OS 902 to prevent software of the host OS 926 from accessing and decrypting the data. Secured, hardware elements (e.g., a GPU) that are less prone to software-based vulnerabilities may be able to decrypt and manipulate the data, while preventing malicious software from accessing the data. Thus, some embodiments may preserve data confidentiality of the confidential guest OS 902 across software boundaries by only permitting a limited number of hardware-based elements to access and decrypt the data.

In some examples, the confidential guest OS 902 and the host OS 926 may communicate through a proxy application 928 in order to present visual information (e.g., output, dialog boxes, etc.) to a user of the architecture. In order to do so, the output from the confidential guest OS 902 may traverse through the host OS 926. Doing so may include sharing output buffers with the host OS 926. While some implementations may attempt to make data un-scrapable to prevent other processes in the Host OS 926 from copying the contents, such security measures detrimentally may rely on an uncompromised software execution on the host OS 926 and/or the VMM 1008.

Thus, some embodiments may augment security through an enhanced communication and encryption process that leverages secure hardware-based elements to handle unencrypted data and encrypt the data. For example, some embodiments may leverage graphics hardware to implement a robust and well-developed mechanism for the handling and display of digital video content while preventing interception and/or inspection of data of the content software of the host OS 926 and/or other malicious software. For example, the host OS 926 may include a Protected Audio/Visual Path (PAVP) session 930 that may securely protect encrypted content while in-rest in buffers. The PAVP session 930 may employ inline encryption engines to ensure that protected data is encrypted whenever it is at rest in system memory and/or in transit within the system busses. Data may be encrypted with a first encryption key (e.g., “session” key), passed through various portions of the host OS 926, decrypted and then encrypted again with a second encryption key (e.g., a display key) different from the first encryption key.

The confidential guest OS 902 may be a producer of confidential information to be output. Architecture 900 may include a software-based security implementation in which the confidential guest OS 902 may bypass leveraging a GPU (e.g., graphics hardware) to encrypt data (e.g., may not have direct access to a GPU). A hardware-based composition engine 934 (e.g., GPU) may however be able to at least decrypt and composite the data as will be explained below.

The confidential guest OS 902 may be considered isolated from other VMs (not illustrated) and the Host OS 926. The other VMs may interact with the VMM 1008 and/or host OS 926. Thus, the confidential guest OS 902 may seek to enforce data isolation principles (e.g., prevent software access) from the other VMs, host OS 926 and/or VMM 1008.

A guest certificate 922 may be pre-provisioned, for example when the architecture 900 is manufactured, installed and/or initialized, into the confidential guest OS 902 and the Trusted Execution Environment (TEE) 932 (e.g., a secure area of a main processor, hardware security module (HSM), secure execution environment, Dynamic Application Loader (DAL), trust domain extensions (TDX), etc.). The confidential guest OS 902 and the TEE 932 establish a secure session 938 by proving authenticity to each other using the guest certificate 922. The design of the system is agnostic of the choice of secure session protocol. Once the secure session is established, the confidential guest OS 902 and TEE 932 generates a session key (e.g., an encryption key such as a symmetric session key) and TEE 932 transmits the key to a hardware element, such as a GPU. Once established, the session key is used in the encryption engine 910. The session key will be used for encryption as explained below. The confidential guest OS 902 may thus utilize a content encryption key (e.g., the session key) provided by a confidential application and/or vendor.

The confidential application 904 of the confidential guest OS 902 may generate data 1040. A render engine 906 may generate render data 918 (e.g., image data, and/or related to software rendering and/or rasterization) based on the generated data of the confidential application 904. The confidential buffer 908 may not be encrypted at this point so that the render data is unencrypted.

The confidential application 904 may issue an instruction for encryption according to the session key 914 to the encryption engine 910. As noted, the session key is stored in the encryption engine 910. In response to receiving the issued instruction, the encryption engine 910 encrypts confidential buffer 908, 920, and more particularly encrypts the render data stored in the confidential buffer 908 according to the session key (i.e., with a Widevine encryption scheme as one possible embodiment), and stores the data in the encrypted confidential buffer 912. It is worthwhile to note that the confidential buffer 908 and the encrypted confidential buffer 912 may be the same buffer in some embodiments, with the distinction being that the encrypted confidential buffer 912 stores the encrypted render data while the confidential buffer 908 stores the unencrypted render data.

The confidential guest operating system 902 may then pass the message 924 to the proxy application 928. The message may include the encrypted confidential buffer 912 (or a pointer thereto) and a request to render the encrypted render data. The proxy application 928 passes the message 916 to the PAVP session 930. The PAVP session 930 passes the message 936 to the hardware-based composition engine 934.

The hardware-based composition engine 934 may be a hardware element (e.g., host processor, GPU, accelerator, vision processing unit, etc.) to enhance security. It is to be noted that prior to this point, the confidential guest OS 902 has only provided encrypted render data to the host OS 926 to reduce malicious actors from accessing the data. The hardware-based composition engine 934 may be under the control/receive commands from the host OS 926, but software of the host OS 926 does not have direct access to the data locations of the hardware-based composition engine 934, thus making tampering and/or reading attacks of the render data more difficult. Thus, the hardware-based composition engine 934 may be less prone to malicious attacks due to the hardware-based composition engine 934 being implemented in a hardware structure. In some embodiments, the composition engine 934 may be a GPU.

An application 940 of the host OS 926 may pass application data 942 to be rendered to the hardware-based composition engine 934. The application data may be displayed in conjunction (e.g., simultaneously) with the confidential data. In order to do process the confidential data and non-confidential application data together into a final image for display, the hardware-based composition engine 934 may have received a copy of the session key (or another decryption key) from the TEE 932 to decrypt the encrypted render data into clear text. The composition engine 934 may composite the unencrypted render data and the unencrypted application data together to generate composited render and application data. Thereafter, the hardware-based composition engine 934 may encrypt the composited render data and the application data together according to a display key (e.g., a second key), that is different from the session key (e.g., a first key), to generate encrypted composited data. The hardware-based composition engine 934 may then store the encrypted composited data in an encrypted display buffer 944, which may be external to the hardware-based composition engine 934. Thus, in some embodiments, the hardware-based composition engine 934 may store only encrypted data (e.g., encrypted versions of the render data) outside the hardware-based composition engine 934, while all unencrypted data operations execute internally within the hardware-based composition engine 934.

When the encrypted composited data is ready for display, the hardware-based composition engine 934 (e.g., a GPU) may decrypt and display data 944. For example, the hardware-based composition engine decrypt the encrypted composited data and may present the decrypted composited data on display 948.

Display 948 may show application graphical user interface (GUI), which is based on the application data of the host operating system 926, and the guest GUI, which is based on the render data generated by the confidential guest operating system 902. Thus, the plaintext of the render data is not directly accessible outside of the GPU hardware pipeline to remain in a protected state from malicious software that may be on the host OS 926.

As such, some embodiments, may facilitate a security enhanced communication process. Further, some embodiments may leverage hardware elements to enhance security.

It is worthwhile to note that some embodiments are agnostic to the specific implementation of the TEE 932 as long as the TEE 932 maintains confidentiality of data. The plaintext of the render data will only be available to the confidential guest OS 902 and while protected in the GPU hardware pipeline. Some embodiments may be modified to apply to encrypted content that may be streamed across network connections from a remote source. For example, the remote source may execute a process similar to the confidential guest OS 902 while a display device may execute a process similar to the host OS 926.

Thus, the Host OS 926 may be able to handle confidential VM output (e.g., the render data) in a flexible manner to display the render data in context of other visual output from the host OS 926 while robustly protecting the integrity of the data from potential hostile code in the Host OS 926.

In some embodiments, the content of Guest OS 902 (e.g., a virtual machine) is isolated in output buffers from the host OS 926 visibility (e.g., prevent screen scraping of content). In some embodiments, the confidential guest OS 902 may utilize software and/or hardware rendering (i.e., through Peripheral Component Interconnect (PCI) device assignment, single root input/output virtualization (SR-IOV), or CPU-based render such as Windows Advanced Rasterization Platform (WARP)) and subsequently encrypt the buffers to prevent the Host OS 926 from having access to the screen or render data itself. By encrypting the confidential buffer 908 to generate encrypted confidential buffer 912, the confidential guest operating system 902 protects the confidentiality of the render data.

In some embodiments, the VMM 1008 may operate similarly to the host OS 926 to interact with hardware on behalf of the confidential guest OS 902. In such embodiments, the confidential guest OS 902 may encrypt and transfer data to the VMM 1008 similarly to as described herein, and a GPU associated with the VMM 1008 may decrypt, composite, encrypt the composited data, and decrypt the composited data for display.

FIG. 9B illustrates a hardware accelerated confidential display computing architecture 960. In this particular example, a confidential guest OS 962 may have access to hardware element (e.g., a GPU such as a graphics processor, and/or a processing unit) to encrypt data, rather than relying on software mechanisms to do so. For example, in some embodiments the confidential guest OS 962 has access to the services of the GPU (e.g., via SR-IOV). As such, the confidential guest OS 962 may employ the services of the GPU to render and/or rasterize and execute encryptions.

In this particular example, a confidential application 964 may generate data 966. A hardware render engine 968 (e.g., a component of the GPU) may generate render data 970 based on the received data, and store the render data into confidential buffer 972. The confidential guest OS 962 causes (e.g., passes an instruction to command an encryption operation) the GPU encryption engine 974 (e.g., a hardware element of the GPU) to encrypt the confidential buffer 972, 976 (e.g., execute a PAVP encryption process) to generate the encrypted confidential buffer 978. The encrypted confidential buffer 978 may contain the render data in an encrypted form. The GPU may encrypt the render data according to a first encryption key. The GPU may be responsible for decryption of the render data at a later time, and thus maintain the first encryption key in a secure storage location on the GPU (e.g., a register) to bypass storage of the first encryption key outside the GPU.

Similar to as above, the confidential buffer 972 and encrypted confidential buffer 978 may be the same buffer, but the confidential buffer 972 may store unencrypted render data while the encrypted confidential buffer 978 may store encrypted render data. For example, the confidential guest OS 962 may access the GPU via a PAVP session to encrypt confidential buffer 972 and generate encrypted confidential buffer 978. In doing so, the render data is encrypted and stored in the encrypted confidential buffer 978 to protect the render data before sharing the render data with the Host OS 982. The confidential guest operating system 962 may use a privileged application programming interface (API) to communicate directly with the GPU. The API may not route through the Host OS 982 or VMM 1006 to be contained and controlled by the confidential guest OS 962, and to allocate encrypted buffer space not controlled by any other guest or VM.

The confidential guest OS 962 may pass message 980 to the proxy application 984. The message may include the encrypted confidential buffer 978 and/or a location of the encrypted confidential buffer 978 (e.g., a pointer). The message may further include an instruction to display the render data. The proxy application 984 passes the message 986 to a PAVP session 990. The PAVP session 990 passes the message 988 to composition engine 996.

An application 992 of the host OS 982 may pass application data 994 (e.g., data to be displayed) to a hardware-based composition engine 996. The application data may be displayed in conjunction (e.g., simultaneously) with the non-confidential data. In order to do so, the hardware-based composition engine 996 may decrypt the encrypted render data into clear text. The hardware-based composition engine 996 may be part of the GPU, and thus already have access to the first encryption key to execute decryption as discussed above. The hardware-based composition engine 996 may composite the unencrypted render data and the unencrypted application data together. Thereafter, the hardware-based composition engine 996 may encrypt the composited render data and the application data together according to a second encryption key, that is different from the first encryption key, to generate encrypted data. The composition engine 996 may then store the encrypted data 998 (e.g., a ciphertext of the render and application data) in an encrypted display buffer 1000.

When the encrypted data is ready for display, the hardware-based composition engine 996 (e.g., GPU) may decrypt the data and display the data 1002 on display 1004. Display 1004 may show application graphical user interface (GUI), which is based on the application data of the host operating system 982, and the guest GUI, which is based on the render data generated by the confidential guest OS 962. Thus, the plaintext of the render data is not directly accessible outside of the graphics processor hardware pipeline to remain in a protected state from malicious software that may be on the host OS 982.

As such, some embodiments, may facilitate a security enhanced communication process. Further, some embodiments may leverage hardware elements to enhance security.

The plaintext of the render data will only be available to the confidential guest OS 962 and while protected in the graphics processor hardware pipeline. Some embodiments may be modified to apply to encrypted content that may be streamed across network connections from a remote source. For example, the remote source may execute a process similar to the confidential guest OS 962 while a display device may execute a process similar to the host OS 982.

In some embodiments, the VMM 1006 may operate similarly to the host OS 962 to interact with hardware on behalf of the confidential guest OS 962. In such embodiments, the confidential guest OS 962 may encrypt and transfer data to the VMM 1006 similarly to as described herein, and a graphics processor associated with the VMM 1006 may decrypt, composite, encrypt the composited data, and decrypt the composited data for display.

FIG. 9C illustrates a method 1010 to securely transfer data from a guest OS (e.g., a virtual machine) that is to be rendered to a host OS for display. The method 690 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architectures 900 and 960 (FIGS. 9A and 9B) already discussed. More particularly, the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 1012 generates guest data by a guest OS (e.g., a virtual machine). Illustrated processing block 1014 encrypts the guest data on the guest OS side with a first encryption key (e.g., either on a GPU or with a session key from a TTE described above). Illustrated processing block 1016 transfers encrypted data via a PAVP of a host OS side. Illustrated processing block 1018 decrypts, with a GPU, the guest data with the first encryption key to generate clear text that may be interleaved and/or composite with other data. Illustrated processing block 1020 combines (e.g., combines and/or interleaves), with the GPU, the guest data with host data (e.g., application data) generated on the host side. Illustrated processing block 1022 encrypts the combined guest and host data with a second encryption key. The second encryption key may be different from the first encryption key. Illustrated processing block 1024 stores the encrypted combined guest and host data to a display buffer. In response to a display request, illustrated processing block 1026 decrypts the encrypted combined guest and host data with the second key to generate clear text that may be in a displayable format. Illustrated processing block 1028 displays the decrypted combined guest and host data.

Thus, some embodiments may permit only the guest OS side and the GPU to view clear test data. Doing so may enhance security and prevent access (e.g., scraping) by malicious actors.

FIG. 9D illustrates a method 1030 to securely handle data. The method 1030 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the architectures 900 and 960 (FIGS. 9A and 9B) and the method 1010 already discussed. More particularly, the method 1010 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof.

Illustrated processing block 1032 generates, with a virtual machine, confidential data to be rendered. Illustrated processing block 1034 encrypts, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data. Illustrated processing block 1036 stores the encrypted confidential data in a first buffer. Illustrated processing block 1038 decrypts, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.

In some embodiments, the method 1030 conducts a verification process with a trusted execution environment to prove an identity of the virtual machine, and receives, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment. In such embodiments, the session key is to be a private symmetric digital rights management (DRM) session key.

In some embodiments, the graphics processor generates the first key. In some embodiments, the method 1030 includes compositing the decrypted confidential data with application data to generate composited confidential and application data. The application data is associated with one or more application executing on a host operating system. In some embodiments, the method 1030 encrypts the composited confidential and application data according to a second key to generate encrypted composited confidential and application data, wherein the second key is to be different from the first key, and stores the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer. In some embodiments, in response to an identification that the encrypted composited confidential and application data will be displayed, method 1030 decrypts the encrypted composited confidential and application data according to the second key.

Support Paging of Encrypted Buffers in the GPU (FIGS. 9E-9G)

Some embodiments may enhance performance by permitting paging operations. For example, a memory manager may page out data from a low latency storage (e.g., memory) to a high latency storage (e.g., mass storage device). A virtual table may maintain a list of the virtual addresses and corresponding locations in the physical memory (e.g., map of virtual addresses to physical locations) to enable the paging operations.

Some encryption operations may be reliant on physical memory locations (e.g., the encryption may be adjusted based on the physical memory location). For example, an encryption mode may be an Advanced Encryption Standard (AES) cipher (e.g., XEX-based tweaked-codebook mode with ciphertext stealing (XTS)) based on host-physical address (HPA). The AES-XTS-HPA domain encryption may be able to enhance some operations by providing a layer of security. The pages that are encrypted according to the AES-XTS-HPA may need to be “pinned” for a lifetime of the pages so that the pages cannot be paged out. That is, AES-XTS-HPA is reliant on the physical address associated with data for encryption and decryption, and thus data must remain in the same physical address after encryption otherwise the data may not be decrypted properly. Operating systems lack the ability to guarantee that data, which is paged out from a first physical address, will be assuredly paged back into the first physical address, thus resulting in changes to memory locations, particularly when a CPU is not within the TCB (e.g., software running on the CPU such as OS/VMM may not be secure; the CPU hardware is in the TCB and a trusted application offloading computation to GPU running on the CPU is also in the TCB). Thus, while security may be enhanced, memory may be consumed by AES-XTS-HPA pages that are unable to be paged out resulting in inefficient memory usage, higher latency operations, particularly with memory intensive operations, and resulting in fairness inequities among different applications.

As an example, some GPU allocated buffers store data that is in an encrypted form using the HPA for a tweak in local memory and/or system memory to address potential threats. In some examples, a central processing unit (CPU) may not be within a trust control boundary. Therefore, the GPU may encrypt the buffers for security and to reduce unauthorized accesses by other elements, such as the CPU. Such encrypted buffers may have to be pinned for a lifetime with the AES-XTS-HPA encryption. As noted, doing so, results in paging operations on these buffers being unsupported. For example, if the encrypted data is paged out from a first memory location and then paged in again into a second memory location, the GPU may be unable to decrypt the data since the data has been moved. That is, the data is encrypted according to a tweak based on the first memory location. When the data is retrieved from the second memory location, the data is decrypted with a tweak based on the second memory location, which results in an unusable output since the data was not encrypted according to the second memory location.

To support paging operations, some embodiments use a GPU direct memory access (DMA) engine to perform the paging operation using a specific paging key and convert the buffer from a first encryption scheme that is based on HPA tweaks (e.g., AES-XTS-HPA) based domain to an HPA-agnostic encryption domain (e.g., authenticated encryption with associated data (AEAD) mode of encryption/integrity and/or GCM, CCM, Chacha-Poly).

An AEAD may be based on an authenticated encryption that allows a recipient to check the integrity of both the encrypted and unencrypted information in a message. For example, an AEAD scheme may bind associated data (AD) to the ciphertext and to the context. Doing so, may detect manipulation of data into different contexts.

Turning now to FIG. 9E, an encryption conversion scheme with a paging process 1050 is illustrated. The first buffer 1058 may be a local storage of the GPU. The GPU may then map the first encrypted data 1052 to an HPA agnostic scheme, and generate identification data 1078, 1060. The HPA agnostic scheme may be an AEAD encryption scheme. Thus, the data may be converted from the host physical address based encryption domain 1054 to the host physical address agnostic encryption domain 1062 to generate second encrypted data 1064 and the identification data 1078.

As noted, identification data 1078 may be generated. The identification data 1078 may be a page (e.g., a message authentication code (MAC) page) in protected memory 1056 that includes specific data (e.g., a checksum, and/or MAC value) associated with the second encrypted data 1064 to verify the second encrypted data 1064. The identification data 1078 may be stored in a protected memory 1056 (e.g., a stolen memory) that is inaccessible by other components, such as the CPU or host processor so that the other elements cannot read the identification data 1078 from the protected memory 1056. In some embodiments, a value of a global counter may be stored in association with the root MAC page in the protected memory 1056. The global counter may be incremented every time a paging operation (e.g., page out) is invoked. The value of the global counter may be used for encryption and to identify the values associated with the second encrypted data 1064. Thus, the value may be referenced to identify MAC values associated with the second encrypted data 1064. In some embodiments, the global counter survives all power states of the GPU where sessions continue to remain alive. Additionally, the GPU stores the global counter (e.g., 64 Bits) as part of the identification data 1078. The global counter may be reset when the GPU gets reset in entirety.

The global counter may be used as a reference to identify appropriate MAC pages. In some embodiments, the MAC page in the protected memory 1056 includes the value of the global counter, 254 128 bit MAC values associated with the second encrypted data 1064 (e.g., a hash value), 128 bit MAC values of a previous MAC page in the protected memory 1056, and a 64 bit counter global counter lock value of the previous MAC page (e.g., 64 bits storing the counter value of the previous MAC page). It is worthwhile to note that the MAC page may be agnostic to the physical address in the second buffer 1080 that the second encrypted data 1064 is stored within. For example, since the same physical memory address of the second buffer 1080 may be paged-out several times before data is paged-in to the same physical memory address, the physical memory address may be bypassed from being stored in association with the MAC page since the physical memory address may be common to numerous page-in and page-out operations.

A root counter value (e.g., a value of the global counter) for the MAC page may be stored in an internal register of the GPU and in association with an identifier of the second encrypted data 1064. When the second encrypted data 1064 is later retrieved, it is required for the corresponding MAC page to be loaded into protected memory using the GPU. In detail, the protected memory may only hold a single MAC page. Using the MAC value from the MAC page in the protected memory, some embodiments may traverse through MAC pages that are linked together by identifying data (e.g., one MAC page contains the identification data to another MAC page).

The second encrypted data 1064 may be paged out to memory 1082. It is worthwhile to note that the storage location of the second encrypted data 1064 may be flexible to be stored in any memory and/or storage device. For example, in some embodiments, a long-term storage may be substituted for the memory 1082. In some embodiments, the identification data 1078 may be maintained in the protected memory 1056.

The process 1050 may page in the second encrypted data 1064, 1070. The process 1050 may ensure the relevant MAC entries (e.g., 256 MAC entries) associated with a main surface page (e.g., the page being paged in) is loaded in the MAC page prior to the actual paging operation for loading of data. For example, the GPU may reference the register to identify the appropriate root counter value, retrieve (or cause to be retrieved by software), the identification data 1078 from the protected memory 1056 and identify the MAC values.

The process 1050 may verify during decryption 1074 that the correct page is provided and generate the decrypted data 1084. For example, the GPU DMA engine may compare the MAC generated based on the retrieved data identified during the decryption operation to the expected value from the MAC page stored in associated with the identification data 1078. If the generated MAC does not match the MAC values associated with the second encrypted data 1064 retrieved from the MAC page, further operations based on the second encrypted data 1064 may be bypassed and remedied. As illustrated, the second encrypted data 1064 is decrypted to the first encrypted data 1052 in the host physical address based encryption domain. A GPU may decrypt the first encrypted data 1052 in some embodiments to obtain clear text data.

Thus, some embodiments provide enhanced memory usage while still maintaining security boundaries. For example, the GPU may still enforce security even while data is paged out of memory.

FIG. 9F illustrates a method 1090 to handle paging operations securely. The method 1090 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 1050 (FIG. 9E) already discussed. More particularly, the method 1090 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof. In some embodiments, aspects of method 1090 are implemented in a GPU.

Illustrated processing block 1092 identifies that encrypted data is in a first format (e.g., AES-XTS-HPA) that does not permit paging operations. Illustrated processing block 1106 determines that the CPU is not within a TCB. For example, an operation (e.g., digital-rights media operations) associated with the encrypted data may not include the CPU within the TCB. Thus, illustrated processing block 1106 identifies that operations associated with the encrypted data do not permit the CPU to access and decrypt the encrypted data. In some embodiments, if the CPU is within the TCB the method 1090 may cease without converting the encrypted data to a format compatible with paging.

Illustrated processing block 1096 identifies that a page-out operation will be executed. Illustrated processing block 1094 converts encrypted data to a second format (e.g., AEAD) that permits paging and generates a MAC page (e.g., based on the AEAD format) and stores the MAC page, and increments a global counter. Illustrated processing block 1108 identifies that the encrypted data will be paged-in with a main page.

Illustrated processing block 1102 retrieves the MAC page corresponding to the main page (that includes the paged out encrypted data). Illustrated processing block 1130 pages in the main page. Illustrated processing block 1112 determines if a stored MAC value of the encrypted data (e.g., as stored in the MAC page) matches (e.g., is the same as) a MAC value calculated based on the paged-in data from the main page. If so, illustrated processing block 1116 executes operations with the paged-in data. Otherwise, the retrieved data is not the same as the encrypted data that was paged-out. Thus, illustrated processing block 1114 bypasses operations with the paged-in data to enforce security protocols.

It is worthwhile to note that method 1090 may execute for each of a plurality of different data associated with different operations and may execute concurrently for each data that is to be paged-out. Thus, the global counter may be incremented numerous times based on data that is to be paged-out.

FIG. 9G illustrates a method 1120 of paging data. The method 1120 may generally be implemented in conjunction with any of the embodiments described herein, such as, for example the process 1050 (FIG. 9E) and/or the method 1090 (FIG. 9F) already discussed. More particularly, the method 1120 may be implemented in one or more modules as a set of logic instructions stored in a machine- or computer-readable storage medium such as RAM, ROM, PROM, firmware, flash memory, etc., in configurable logic such as, for example, PLAs, FPGAs, CPLDs, in fixed-functionality logic hardware using circuit technology such as, for example, ASIC, CMOS or TTL technology, or any combination thereof. In some embodiments, aspects of method 1120 are implemented in a GPU.

Illustrated processing block 1122 identifies that first data is in a first format, where the first format is in a physical address based encryption format. Illustrated processing block 1124 converts, with the graphics processor, the first data from the first format to a second format, where the second format is in a physical address agnostic encryption format. Illustrated processing block 1126 pages-out the first data, that is in the second format, from the memory to the non-volatile storage. In some embodiments, method 1120 increments a global counter in response to an identification that the first data will be paged-out. In some embodiments, method 1120 generates a message authentication code (MAC) value based on the first data that is in the second format. In some embodiments, method 1120 stores the MAC value and a value of the global counter in a protected memory.

In some embodiments, method 1120 pages-in second data from a storage, calculates a message authentication code (MAC) value based on the second data, and compares the MAC value of the second data to a MAC value t stored in the protected memory to determine whether the second data corresponds to the first data. Further, in some embodiments, method 1120 executes one or more operations based on the second data when the MAC value of the second data is the same as the MAC value of the first data, and/or bypasses one or more operations based on the second data when the MAC value of the second data is dissimilar from the MAC value of the first data.

System Overview

FIG. 10 is a block diagram of a processing system 1400, according to an embodiment. System 1400 may be used in a single processor desktop system, a multiprocessor workstation system, or a server system having a large number of processors 102 or processor cores 107. In one embodiment, the system 1400 is a processing platform incorporated within a system-on-a-chip (SoC) integrated circuit for use in mobile, handheld, or embedded devices such as within Internet-of-things (IoT) devices with wired or wireless connectivity to a local or wide area network.

In one embodiment, system 1400 can include, couple with, or be integrated within: a server-based gaming platform; a game console, including a game and media console; a mobile gaming console, a handheld game console, or an online game console. In some embodiments the system 1400 is part of a mobile phone, smart phone, tablet computing device or mobile Internet-connected device such as a laptop with low internal storage capacity. Processing system 1400 can also include, couple with, or be integrated within: a wearable device, such as a smart watch wearable device; smart eyewear or clothing enhanced with augmented reality (AR) or virtual reality (VR) features to provide visual, audio or tactile outputs to supplement real world visual, audio or tactile experiences or otherwise provide text, audio, graphics, video, holographic images or video, or tactile feedback; other augmented reality (AR) device; or other virtual reality (VR) device. In some embodiments, the processing system 1400 includes or is part of a television or set top box device. In one embodiment, system 1400 can include, couple with, or be integrated within a self-driving vehicle such as a bus, tractor trailer, car, motor or electric power cycle, plane or glider (or any combination thereof). The self-driving vehicle may use system 1400 to process the environment sensed around the vehicle.

In some embodiments, the one or more processors 1402 each include one or more processor cores 1407 to process instructions which, when executed, perform operations for system or user software. In some embodiments, at least one of the one or more processor cores 1407 is configured to process a specific instruction set 1409. In some embodiments, instruction set 1409 may facilitate Complex Instruction Set Computing (CISC), Reduced Instruction Set Computing (RISC), or computing via a Very Long Instruction Word (VLIW). One or more processor cores 1407 may process a different instruction set 1409, which may include instructions to facilitate the emulation of other instruction sets. Processor core 1407 may also include other processing devices, such as a Digital Signal Processor (DSP).

In some embodiments, the processor 1402 includes cache memory 1404. Depending on the architecture, the processor 1402 can have a single internal cache or multiple levels of internal cache. In some embodiments, the cache memory is shared among various components of the processor 1402. In some embodiments, the processor 1402 also uses an external cache (e.g., a Level-3 (L3) cache or Last Level Cache (LLC)) (not shown), which may be shared among processor cores 1407 using known cache coherency techniques. A register file 1406 can be additionally included in processor 1402 and may include different types of registers for storing different types of data (e.g., integer registers, floating point registers, status registers, and an instruction pointer register). Some registers may be general-purpose registers, while other registers may be specific to the design of the processor 1402.

In some embodiments, one or more processor(s) 1402 are coupled with one or more interface bus(es) 1410 to transmit communication signals such as address, data, or control signals between processor 1402 and other components in the system 1400. The interface bus 1410, in one embodiment, can be a processor bus, such as a version of the Direct Media Interface (DMI) bus. However, processor busses are not limited to the DMI bus, and may include one or more Peripheral Component Interconnect buses (e.g., PCI, PCI express), memory busses, or other types of interface busses. In one embodiment the processor(s) 1402 include an integrated memory controller 1416 and a platform controller hub 1430. The memory controller 1416 facilitates communication between a memory device and other components of the system 1400, while the platform controller hub (PCH) 1430 provides connections to I/O devices via a local I/O bus.

The memory device 1420 can be a dynamic random-access memory (DRAM) device, a static random-access memory (SRAM) device, flash memory device, phase-change memory device, or some other memory device having suitable performance to serve as process memory. In one embodiment the memory device 1420 can operate as system memory for the system 1400, to store data 1422 and instructions 1421 for use when the one or more processors 1402 executes an application or process. Memory controller 1416 also couples with an optional external graphics processor 1418, which may communicate with the one or more graphics processors 1408 in processors 1402 to perform graphics and media operations. In some embodiments, graphics, media, and or compute operations may be assisted by an accelerator 1412 which is a coprocessor that can be configured to perform a specialized set of graphics, media, or compute operations. For example, in one embodiment the accelerator 1412 is a matrix multiplication accelerator used to optimize machine learning or compute operations. In one embodiment the accelerator 1412 is a ray-tracing accelerator that can be used to perform ray-tracing operations in concert with the graphics processor 1408. In one embodiment, an external accelerator 1419 may be used in place of or in concert with the accelerator 1412.

In some embodiments a display device 1411 can connect to the processor(s) 1402. The display device 1411 can be one or more of an internal display device, as in a mobile electronic device or a laptop device or an external display device attached via a display interface (e.g., DisplayPort, etc.). In one embodiment the display device 1411 can be a head mounted display (HMD) such as a stereoscopic display device for use in virtual reality (VR) applications or augmented reality (AR) applications.

In some embodiments the platform controller hub 130 enables peripherals to connect to memory device 1420 and processor 1402 via a high-speed I/O bus. The I/O peripherals include, but are not limited to, an audio controller 1446, a network controller 1434, a firmware interface 1428, a wireless transceiver 1426, touch sensors 1425, a data storage device 1424 (e.g., non-volatile memory, volatile memory, hard disk drive, flash memory, NAND, 3D NAND, 3D XPoint, etc.). The data storage device 1424 can connect via a storage interface (e.g., SATA) or via a peripheral bus, such as a Peripheral Component Interconnect bus (e.g., PCI, PCI express). The touch sensors 1425 can include touch screen sensors, pressure sensors, or fingerprint sensors. The wireless transceiver 1426 can be a Wi-Fi transceiver, a Bluetooth transceiver, or a mobile network transceiver such as a 3G, 4G, 5G, or Long-Term Evolution (LTE) transceiver. The firmware interface 1428 enables communication with system firmware, and can be, for example, a unified extensible firmware interface (UEFI). The network controller 1434 can enable a network connection to a wired network. In some embodiments, a high-performance network controller (not shown) couples with the interface bus 1410. The audio controller 1446, in one embodiment, is a multi-channel high definition audio controller. In one embodiment the system 1400 includes an optional legacy I/O controller 1440 for coupling legacy (e.g., Personal System 2 (PS/2)) devices to the system. The platform controller hub 1430 can also connect to one or more Universal Serial Bus (USB) controllers 1442 connect input devices, such as keyboard and mouse 1443 combinations, a camera 1444, or other USB input devices.

It will be appreciated that the system 1400 shown is exemplary and not limiting, as other types of data processing systems that are differently configured may also be used. For example, an instance of the memory controller 1416 and platform controller hub 1430 may be integrated into a discreet external graphics processor, such as the external graphics processor 1418. In one embodiment the platform controller hub 1430 and/or memory controller 1416 may be external to the one or more processor(s) 1402. For example, the system 1400 can include an external memory controller 1416 and platform controller hub 1430, which may be configured as a memory controller hub and peripheral controller hub within a system chipset that is in communication with the processor(s) 1402.

For example, circuit boards (“sleds”) can be used on which components such as CPUs, memory, and other components are placed are designed for increased thermal performance. In some examples, processing components such as the processors are located on a top side of a sled while near memory, such as DIMMs, are located on a bottom side of the sled. As a result of the enhanced airflow provided by this design, the components may operate at higher frequencies and power levels than in typical systems, thereby increasing performance. Furthermore, the sleds are configured to blindly mate with power and data communication cables in a rack, thereby enhancing their ability to be quickly removed, upgraded, reinstalled, and/or replaced. Similarly, individual components located on the sleds, such as processors, accelerators, memory, and data storage drives, are configured to be easily upgraded due to their increased spacing from each other. In the illustrative embodiment, the components additionally include hardware attestation features to prove their authenticity.

A data center can utilize a single network architecture (“fabric”) that supports multiple other network architectures including Ethernet and Omni-Path. The sleds can be coupled to switches via optical fibers, which provide higher bandwidth and lower latency than typical twisted pair cabling (e.g., Category 5, Category 5e, Category 6, etc.). Due to the high bandwidth, low latency interconnections and network architecture, the data center may, in use, pool resources, such as memory, accelerators (e.g., GPUs, graphics accelerators, FPGAs, ASICs, neural network and/or artificial intelligence accelerators, etc.), and data storage drives that are physically disaggregated, and provide them to compute resources (e.g., processors) on an as needed basis, enabling the compute resources to access the pooled resources as if they were local.

A power supply or source can provide voltage and/or current to system 1400 or any component or system described herein. In one example, the power supply includes an AC to DC (alternating current to direct current) adapter to plug into a wall outlet. Such AC power can be renewable energy (e.g., solar power) power source. In one example, power source includes a DC power source, such as an external AC to DC converter. In one example, power source or power supply includes wireless charging hardware to charge via proximity to a charging field. In one example, power source can include an internal battery, alternating current supply, motion-based power supply, solar power supply, or fuel cell source.

FIGS. 11A-11D illustrate computing systems and graphics processors provided by embodiments described herein. The elements of FIGS. 11A-11D having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.

FIG. 11A is a block diagram of an embodiment of a processor 1500 having one or more processor cores 1502A-1502N, an integrated memory controller 1514, and an integrated graphics processor 1508. Processor 1500 can include additional cores up to and including additional core 1502N represented by the dashed lined boxes. Each of processor cores 1502A-1502N includes one or more internal cache units 1504A-1504N. In some embodiments each processor core also has access to one or more shared cache units 1506. The internal cache units 1504A-1504N and shared cache units 1506 represent a cache memory hierarchy within the processor 1500. The cache memory hierarchy may include at least one level of instruction and data cache within each processor core and one or more levels of shared mid-level cache, such as a Level 2 (L2), Level 3 (L3), Level 4 (L4), or other levels of cache, where the highest level of cache before external memory is classified as the LLC. In some embodiments, cache coherency logic maintains coherency between the various cache units 1506 and 1504A-1504N.

In some embodiments, processor 1500 may also include a set of one or more bus controller units 1516 and a system agent core 1510. The one or more bus controller units 1516 manage a set of peripheral buses, such as one or more PCI or PCI express busses. System agent core 1510 provides management functionality for the various processor components. In some embodiments, system agent core 1510 includes one or more integrated memory controllers 1514 to manage access to various external memory devices (not shown).

In some embodiments, one or more of the processor cores 1502A-1502N include support for simultaneous multi-threading. In such embodiment, the system agent core 1510 includes components for coordinating and operating cores 1502A-1502N during multi-threaded processing. System agent core 1510 may additionally include a power control unit (PCU), which includes logic and components to regulate the power state of processor cores 1502A-1502N and graphics processor 1508.

In some embodiments, processor 1500 additionally includes graphics processor 1508 to execute graphics processing operations. In some embodiments, the graphics processor 1508 couples with the set of shared cache units 1506, and the system agent core 1510, including the one or more integrated memory controllers 1514. In some embodiments, the system agent core 1510 also includes a display controller 1511 to drive graphics processor output to one or more coupled displays. In some embodiments, display controller 1511 may also be a separate module coupled with the graphics processor via at least one interconnect, or may be integrated within the graphics processor 1508.

In some embodiments, a ring-based interconnect unit 1512 is used to couple the internal components of the processor 1500. However, an alternative interconnect unit may be used, such as a point-to-point interconnect, a switched interconnect, or other techniques, including techniques well known in the art. In some embodiments, graphics processor 1508 couples with the ring interconnect 1512 via an I/O link 1513.

The exemplary I/O link 1513 represents at least one of multiple varieties of I/O interconnects, including an on package I/O interconnect which facilitates communication between various processor components and a high-performance embedded memory module 1518, such as an eDRAM module. In some embodiments, each of the processor cores 1502A-1502N and graphics processor 1508 can use embedded memory modules 1518 as a shared Last Level Cache.

In some embodiments, processor cores 1502A-1502N are homogenous cores executing the same instruction set architecture. In another embodiment, processor cores 1502A-1502N are heterogeneous in terms of instruction set architecture (ISA), where one or more of processor cores 1502A-1502N execute a first instruction set, while at least one of the other cores executes a subset of the first instruction set or a different instruction set. In one embodiment, processor cores 1502A-1502N are heterogeneous in terms of microarchitecture, where one or more cores having a relatively higher power consumption couple with one or more power cores having a lower power consumption. In one embodiment, processor cores 1502A-1502N are heterogeneous in terms of computational capability. Additionally, processor 1500 can be implemented on one or more chips or as an SoC integrated circuit having the illustrated components, in addition to other components.

FIG. 11B is a block diagram of hardware logic of a graphics processor core 1519, according to some embodiments described herein. Elements of FIG. 11B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such. The graphics processor core 1519, sometimes referred to as a core slice, can be one or multiple graphics cores within a modular graphics processor. The graphics processor core 1519 is exemplary of one graphics core slice, and a graphics processor as described herein may include multiple graphics core slices based on target power and performance envelopes. Each graphics processor core 1519 can include a fixed function block 1530 coupled with multiple sub-cores 1521A-1521F, also referred to as sub-slices, that include modular blocks of general-purpose and fixed function logic.

In some embodiments, the fixed function block 1530 includes a geometry/fixed function pipeline 1531 that can be shared by all sub-cores in the graphics processor core 1519, for example, in lower performance and/or lower power graphics processor implementations. In various embodiments, the geometry/fixed function pipeline 1531 includes a 3D fixed function pipeline (e.g., 3D pipeline 1612 as in FIG. 13, described below) a video front-end unit, a thread spawner and thread dispatcher, and a unified return buffer manager, which manages unified return buffers (e.g., unified return buffer 1718 in FIG. 13, as described below).

In one embodiment the fixed function block 1530 also includes a graphics SoC interface 1532, a graphics microcontroller 1533, and a media pipeline 1534. The graphics SoC interface 1532 provides an interface between the graphics processor core 1519 and other processor cores within a system on a chip integrated circuit. The graphics microcontroller 1533 is a programmable sub-processor that is configurable to manage various functions of the graphics processor core 1519, including thread dispatch, scheduling, and pre-emption. The media pipeline 1534 (e.g., media pipeline 1616 of FIG. 12A) includes logic to facilitate the decoding, encoding, pre-processing, and/or post-processing of multimedia data, including image and video data. The media pipeline 1534 implement media operations via requests to compute or sampling logic within the sub-cores 1521-1521F.

In one embodiment the SoC interface 1532 enables the graphics processor core 1519 to communicate with general-purpose application processor cores (e.g., CPUs) and/or other components within an SoC, including memory hierarchy elements such as a shared last level cache memory, the system RAM, and/or embedded on-chip or on-package DRAM. The SoC interface 1532 can also enable communication with fixed function devices within the SoC, such as camera imaging pipelines, and enables the use of and/or implements global memory atomics that may be shared between the graphics processor core 1519 and CPUs within the SoC. The SoC interface 1532 can also implement power management controls for the graphics processor core 1519 and enable an interface between a clock domain of the graphic core 1519 and other clock domains within the SoC. In one embodiment the SoC interface 1532 enables receipt of command buffers from a command streamer and global thread dispatcher that are configured to provide commands and instructions to each of one or more graphics cores within a graphics processor. The commands and instructions can be dispatched to the media pipeline 1534, when media operations are to be performed, or a geometry and fixed function pipeline (e.g., geometry and fixed function pipeline 1531, geometry and fixed function pipeline 1537) when graphics processing operations are to be performed.

The graphics microcontroller 1533 can be configured to perform various scheduling and management tasks for the graphics processor core 1519. In one embodiment the graphics microcontroller 1533 can perform graphics and/or compute workload scheduling on the various graphics parallel engines within execution unit (EU) arrays 1522A-1522F, 1524A-1524F within the sub-cores 1521A-1521F. In this scheduling model, host software executing on a CPU core of an SoC including the graphics processor core 1519 can submit workloads one of multiple graphic processor doorbells, which invokes a scheduling operation on the appropriate graphics engine. Scheduling operations include determining which workload to run next, submitting a workload to a command streamer, pre-empting existing workloads running on an engine, monitoring progress of a workload, and notifying host software when a workload is complete. In one embodiment the graphics microcontroller 1533 can also facilitate low-power or idle states for the graphics processor core 1519, providing the graphics processor core 1519 with the ability to save and restore registers within the graphics processor core 1519 across low-power state transitions independently from the operating system and/or graphics driver software on the system.

The graphics processor core 1519 may have greater than or fewer than the illustrated sub-cores 1521A-1521F, up to N modular sub-cores. For each set of N sub-cores, the graphics processor core 1519 can also include shared function logic 1535, shared and/or cache memory 1536, a geometry/fixed function pipeline 1537, as well as additional fixed function logic (not shown) to accelerate various graphics and compute processing operations. The shared function logic 1535 can include logic units associated with the shared function logic 1720 of FIG. 13 (e.g., sampler, math, and/or inter-thread communication logic) that can be shared by each N sub-cores within the graphics processor core 1519. The shared and/or cache memory 1536 can be a last-level cache for the set of N sub-cores 1521A-1521F within the graphics processor core 1519, and can also serve as shared memory that is accessible by multiple sub-cores. The geometry/fixed function pipeline 1537 can be included instead of the geometry/fixed function pipeline 1531 within the fixed function block 1530 and can include the same or similar logic units.

In one embodiment the graphics processor core 1519 includes additional fixed function logic that can include various fixed function acceleration logic for use by the graphics processor core 1519. In one embodiment the additional fixed function logic includes an additional geometry pipeline for use in position only shading. In position-only shading, two geometry pipelines exist, the full geometry pipeline within the geometry/fixed function pipeline 238, 1531, and a cull pipeline, which is an additional geometry pipeline which may be included within the additional fixed function logic 238. In one embodiment the cull pipeline is a trimmed down version of the full geometry pipeline. The full pipeline and the cull pipeline can execute different instances of the same application, each instance having a separate context. Position only shading can hide long cull runs of discarded triangles, enabling shading to be completed earlier in some instances. For example and in one embodiment the cull pipeline logic within the additional fixed function logic can execute position shaders in parallel with the main application and generally generates critical results faster than the full pipeline, as the cull pipeline fetches and shades only the position attribute of the vertices, without performing rasterization and rendering of the pixels to the frame buffer. The cull pipeline can use the generated critical results to compute visibility information for all the triangles without regard to whether those triangles are culled. The full pipeline (which in this instance may be referred to as a replay pipeline) can consume the visibility information to skip the culled triangles to shade only the visible triangles that are finally passed to the rasterization phase.

In one embodiment the additional fixed function logic can also include machine-learning acceleration logic, such as fixed function matrix multiplication logic, for implementations including optimizations for machine learning training or inferencing.

Within each graphics sub-core 1521A-1521F includes a set of execution resources that may be used to perform graphics, media, and compute operations in response to requests by graphics pipeline, media pipeline, or shader programs. The graphics sub-cores 1521A-1521F include multiple EU arrays 1522A-1522F, 1524A-1524F, thread dispatch and inter-thread communication (TD/IC) logic 1523A-1523F, a 3D (e.g., texture) sampler 1525A-1525F, a media sampler 1507A-1507F, a shader processor 1527A-1527F, and shared local memory (SLM) 1528A-1528F. The EU arrays 1522A-1522F, 1524A-1524F each include multiple execution units, which are general-purpose graphics processing units capable of performing floating-point and integer/fixed-point logic operations in service of a graphics, media, or compute operation, including graphics, media, or compute shader programs. The TD/IC logic 1523A-1523F performs local thread dispatch and thread control operations for the execution units within a sub-core and facilitate communication between threads executing on the execution units of the sub-core. The 3D sampler 1525A-1525F can read texture or other 3D graphics related data into memory. The 3D sampler can read texture data differently based on a configured sample state and the texture format associated with a given texture. The media sampler 1507A-1507F can perform similar read operations based on the type and format associated with media data. In one embodiment, each graphics sub-core 1521A-1521F can alternately include a unified 3D and media sampler. Threads executing on the execution units within each of the sub-cores 1521A-1521F can make use of shared local memory 1528A-1528F within each sub-core, to enable threads executing within a thread group to execute using a common pool of on-chip memory.

FIG. 11C illustrates a graphics processing unit (GPU) 1539 that includes dedicated sets of graphics processing resources arranged into multi-core groups 1540A-1540N. While the details of only a single multi-core group 1540A are provided, it will be appreciated that the other multi-core groups 1540B-1540N may be equipped with the same or similar sets of graphics processing resources.

As illustrated, a multi-core group 1540A may include a set of graphics cores 1543, a set of tensor cores 1544, and a set of ray tracing cores 1545. A scheduler/dispatcher 1541 schedules and dispatches the graphics threads for execution on the various cores 1543, 1544, 1545. A set of register files 1542 store operand values used by the cores 1543, 1544, 1545 when executing the graphics threads. These may include, for example, integer registers for storing integer values, floating point registers for storing floating point values, vector registers for storing packed data elements (integer and/or floating point data elements) and tile registers for storing tensor/matrix values. In one embodiment, the tile registers are implemented as combined sets of vector registers.

One or more combined level 1 (L1) caches and shared memory units 1547 store graphics data such as texture data, vertex data, pixel data, ray data, bounding volume data, etc., locally within each multi-core group 1540A. One or more texture units 1547 can also be used to perform texturing operations, such as texture mapping and sampling. A Level 2 (L2) cache 1553 shared by all or a subset of the multi-core groups 1540A-1540N stores graphics data and/or instructions for multiple concurrent graphics threads. As illustrated, the L2 cache 1553 may be shared across a plurality of multi-core groups 1540A-1540N. One or more memory controllers 1548 couple the GPU 1539 to a memory 1549 which may be a system memory (e.g., DRAM) and/or a dedicated graphics memory (e.g., GDDR6 memory).

Input/output (I/O) circuitry 1550 couples the GPU 1539 to one or more I/O devices 1552 such as digital signal processors (DSPs), network controllers, or user input devices. An on-chip interconnect may be used to couple the I/O devices 1552 to the GPU 1539 and memory 1549. One or more I/O memory management units (IOMMUs) 1551 of the I/O circuitry 1550 couple the I/O devices 1552 directly to the system memory 1549. In one embodiment, the IOMMU 1551 manages multiple sets of page tables to map virtual addresses to physical addresses in system memory 1549. In this embodiment, the I/O devices 1552, CPU(s) 1546, and GPU(s) 1539 may share the same virtual address space.

In one implementation, the IOMMU 1551 supports virtualization. In this case, it may manage a first set of page tables to map guest/graphics virtual addresses to guest/graphics physical addresses and a second set of page tables to map the guest/graphics physical addresses to system/host physical addresses (e.g., within system memory 1549). The base addresses of each of the first and second sets of page tables may be stored in control registers and swapped out on a context switch (e.g., so that the new context is provided with access to the relevant set of page tables). While not illustrated in FIG. 11C, each of the cores 1543, 1544, 1545 and/or multi-core groups 1540A-1540N may include translation lookaside buffers (TLBs) to cache guest virtual to guest physical translations, guest physical to host physical translations, and guest virtual to host physical translations.

In one embodiment, the CPUs 1546, GPUs 1539, and I/O devices 1552 are integrated on a single semiconductor chip and/or chip package. The illustrated memory 1549 may be integrated on the same chip or may be coupled to the memory controllers 1548 via an off-chip interface. In one implementation, the memory 1549 comprises GDDR6 memory which shares the same virtual address space as other physical system-level memories, although the underlying principles of the embodiment are not limited to this specific implementation.

In one embodiment, the tensor cores 1544 include a plurality of execution units specifically designed to perform matrix operations, which are the fundamental compute operation used to perform deep learning operations. For example, simultaneous matrix multiplication operations may be used for neural network training and inferencing. The tensor cores 1544 may perform matrix processing using a variety of operand precisions including single precision floating-point (e.g., 32 bits), half-precision floating point (e.g., 16 bits), integer words (16 bits), bytes (8 bits), and half-bytes (4 bits). In one embodiment, a neural network implementation extracts features of each rendered scene, potentially combining details from multiple frames, to construct a high-quality final image.

In deep learning implementations, parallel matrix multiplication work may be scheduled for execution on the tensor cores 1544. The training of neural networks, in particular, requires a significant number matrix dot product operations. In order to process an inner-product formulation of an N×N×N matrix multiply, the tensor cores 1544 may include at least N dot-product processing elements. Before the matrix multiply begins, one entire matrix is loaded into tile registers and at least one column of a second matrix is loaded each cycle for N cycles. Each cycle, there are N dot products that are processed.

Matrix elements may be stored at different precisions depending on the particular implementation, including 16-bit words, 8-bit bytes (e.g., INT8) and 4-bit half-bytes (e.g., INT4). Different precision modes may be specified for the tensor cores 1544 to ensure that the most efficient precision is used for different workloads (e.g., such as inferencing workloads which can tolerate quantization to bytes and half-bytes).

In one embodiment, the ray tracing cores 1545 accelerate ray tracing operations for both real-time ray tracing and non-real-time ray tracing implementations. In particular, the ray tracing cores 1545 include ray traversal/intersection circuitry for performing ray traversal using bounding volume hierarchies (BVHs) and identifying intersections between rays and primitives enclosed within the BVH volumes. The ray tracing cores 1545 may also include circuitry for performing depth testing and culling (e.g., using a Z buffer or similar arrangement). In one implementation, the ray tracing cores 1545 perform traversal and intersection operations in concert with the image denoising techniques described herein, at least a portion of which may be executed on the tensor cores 1544. For example, in one embodiment, the tensor cores 1544 implement a deep learning neural network to perform denoising of frames generated by the ray tracing cores 1545. However, the CPU(s) 1546, graphics cores 1543, and/or ray tracing cores 1545 may also implement all or a portion of the denoising and/or deep learning algorithms.

In addition, as described above, a distributed approach to denoising may be employed in which the GPU 1539 is in a computing device coupled to other computing devices over a network or high speed interconnect. In this embodiment, the interconnected computing devices share neural network learning/training data to improve the speed with which the overall system learns to perform denoising for different types of image frames and/or different graphics applications.

In one embodiment, the ray tracing cores 1545 process all BVH traversal and ray-primitive intersections, saving the graphics cores 1543 from being overloaded with thousands of instructions per ray. In one embodiment, each ray tracing core 1545 includes a first set of specialized circuitry for performing bounding box tests (e.g., for traversal operations) and a second set of specialized circuitry for performing the ray-triangle intersection tests (e.g., intersecting rays which have been traversed). Thus, in one embodiment, the multi-core group 1540A can simply launch a ray probe, and the ray tracing cores 1545 independently perform ray traversal and intersection and return hit data (e.g., a hit, no hit, multiple hits, etc.) to the thread context. The other cores 1543, 1544 are freed to perform other graphics or compute work while the ray tracing cores 1545 perform the traversal and intersection operations.

In one embodiment, each ray tracing core 1545 includes a traversal unit to perform BVH testing operations and an intersection unit which performs ray-primitive intersection tests. The intersection unit generates a “hit”, “no hit”, or “multiple hit” response, which it provides to the appropriate thread. During the traversal and intersection operations, the execution resources of the other cores (e.g., graphics cores 1543 and tensor cores 1544) are freed to perform other forms of graphics work.

In one particular embodiment described below, a hybrid rasterization/ray tracing approach is used in which work is distributed between the graphics cores 1543 and ray tracing cores 1545.

In one embodiment, the ray tracing cores 1545 (and/or other cores 1543, 1544) include hardware support for a ray tracing instruction set such as Microsoft's DirectX Ray Tracing (DXR) which includes a DispatchRays command, as well as ray-generation, closest-hit, any-hit, and miss shaders, which enable the assignment of unique sets of shaders and textures for each object. Another ray tracing platform which may be supported by the ray tracing cores 1545, graphics cores 1543 and tensor cores 1544 is Vulkan 1.1.85. Note, however, that the underlying principles of the embodiments are not limited to any particular ray tracing ISA.

In general, the various cores 1545, 1544, 1543 may support a ray tracing instruction set that includes instructions/functions for ray generation, closest hit, any hit, ray-primitive intersection, per-primitive and hierarchical bounding box construction, miss, visit, and exceptions. More specifically, one embodiment includes ray tracing instructions to perform the following functions:

Ray Generation—Ray generation instructions may be executed for each pixel, sample, or other user-defined work assignment.

Closest Hit—A closest hit instruction may be executed to locate the closest intersection point of a ray with primitives within a scene.

Any Hit—An any hit instruction identifies multiple intersections between a ray and primitives within a scene, potentially to identify a new closest intersection point.

Intersection—An intersection instruction performs a ray-primitive intersection test and outputs a result.

Per-primitive Bounding box Construction—This instruction builds a bounding box around a given primitive or group of primitives (e.g., when building a new BVH or other acceleration data structure).

Miss—Indicates that a ray misses all geometry within a scene, or specified region of a scene.

Visit—Indicates the children volumes a ray will traverse.

Exceptions—Includes various types of exception handlers (e.g., invoked for various error conditions).

FIG. 11D is a block diagram of general purpose graphics processing unit (GPGPU) 1570 that can be configured as a graphics processor and/or compute accelerator, according to embodiments described herein. The GPGPU 1570 can interconnect with host processors (e.g., one or more CPU(s) 1546) and memory 1571, 1572 via one or more system and/or memory busses. In one embodiment the memory 1571 is system memory that may be shared with the one or more CPU(s) 1546, while memory 1572 is device memory that is dedicated to the GPGPU 1570. In one embodiment, components within the GPGPU 1570 and device memory 1572 may be mapped into memory addresses that are accessible to the one or more CPU(s) 1546. Access to memory 1571 and 1572 may be facilitated via a memory controller 1568. In one embodiment the memory controller 1568 includes an internal direct memory access (DMA) controller 1569 or can include logic to perform operations that would otherwise be performed by a DMA controller.

The GPGPU 1570 includes multiple cache memories, including an L2 cache 1553, L1 cache 1554, an instruction cache 1555, and shared memory 1556, at least a portion of which may also be partitioned as a cache memory. The GPGPU 1570 also includes multiple compute units 1560A-1560N. Each compute unit 1560A-1560N includes a set of vector registers 1561, scalar registers 1562, vector logic units 1563, and scalar logic units 1564. The compute units 1560A-1560N can also include local shared memory 1565 and a program counter 1566. The compute units 1560A-1560N can couple with a constant cache 1567, which can be used to store constant data, which is data that will not change during the run of kernel or shader program that executes on the GPGPU 1570. In one embodiment the constant cache 1567 is a scalar data cache and cached data can be fetched directly into the scalar registers 1562.

During operation, the one or more CPU(s) 1546 can write commands into registers or memory in the GPGPU 1570 that has been mapped into an accessible address space. The command processors 1557 can read the commands from registers or memory and determine how those commands will be processed within the GPGPU 1570. A thread dispatcher 1558 can then be used to dispatch threads to the compute units 1560A-1560N to perform those commands. Each compute unit 1560A-1560N can execute threads independently of the other compute units. Additionally each compute unit 1560A-1560N can be independently configured for conditional computation and can conditionally output the results of computation to memory. The command processors 1557 can interrupt the one or more CPU(s) 1546 when the submitted commands are complete.

FIGS. 12A-12B illustrate block diagrams of additional graphics processor and compute accelerator architectures provided by embodiments described herein. The elements of FIGS. 12A-12B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.

FIG. 12A is a block diagram of a graphics processor 1600, which may be a discrete graphics processing unit, or may be a graphics processor integrated with a plurality of processing cores, or other semiconductor devices such as, but not limited to, memory devices or network interfaces. In some embodiments, the graphics processor communicates via a memory mapped I/O interface to registers on the graphics processor and with commands placed into the processor memory. In some embodiments, graphics processor 1600 includes a memory interface 1614 to access memory. Memory interface 1614 can be an interface to local memory, one or more internal caches, one or more shared external caches, and/or to system memory.

In some embodiments, graphics processor 1600 also includes a display controller 1602 to drive display output data to a display device 1618. Display controller 1602 includes hardware for one or more overlay planes for the display and composition of multiple layers of video or user interface elements. The display device 1618 can be an internal or external display device. In one embodiment the display device 1618 is a head mounted display device, such as a virtual reality (VR) display device or an augmented reality (AR) display device. In some embodiments, graphics processor 1600 includes a video codec engine 1606 to encode, decode, or transcode media to, from, or between one or more media encoding formats, including, but not limited to Moving Picture Experts Group (MPEG) formats such as MPEG-2, Advanced Video Coding (AVC) formats such as H.264/MPEG-4 AVC, H.265/HEVC, Alliance for Open Media (AOMedia) VP8, VP9, as well as the Society of Motion Picture & Television Engineers (SMPTE) 421M/VC-1, and Joint Photographic Experts Group (JPEG) formats such as JPEG, and Motion JPEG (MJPEG) formats.

In some embodiments, graphics processor 1600 includes a block image transfer (BLIT) engine 1604 to perform two-dimensional (2D) rasterizer operations including, for example, bit-boundary block transfers. However, in one embodiment, 2D graphics operations are performed using one or more components of graphics processing engine (GPE) 1610. In some embodiments, GPE 1610 is a compute engine for performing graphics operations, including three-dimensional (3D) graphics operations and media operations.

In some embodiments, GPE 1610 includes a 3D pipeline 1612 for performing 3D operations, such as rendering three-dimensional images and scenes using processing functions that act upon 3D primitive shapes (e.g., rectangle, triangle, etc.). The 3D pipeline 1612 includes programmable and fixed function elements that perform various tasks within the element and/or spawn execution threads to a 3D/Media sub-system 1615. While 3D pipeline 1612 can be used to perform media operations, an embodiment of GPE 1610 also includes a media pipeline 1616 that is specifically used to perform media operations, such as video post-processing and image enhancement.

In some embodiments, media pipeline 1616 includes fixed function or programmable logic units to perform one or more specialized media operations, such as video decode acceleration, video de-interlacing, and video encode acceleration in place of, or on behalf of video codec engine 1606. In some embodiments, media pipeline 1616 additionally includes a thread spawning unit to spawn threads for execution on 3D/Media sub-system 1615. The spawned threads perform computations for the media operations on one or more graphics execution units included in 3D/Media sub-system 1615.

In some embodiments, 3D/Media subsystem 1615 includes logic for executing threads spawned by 3D pipeline 1612 and media pipeline 1616. In one embodiment, the pipelines send thread execution requests to 3D/Media subsystem 1615, which includes thread dispatch logic for arbitrating and dispatching the various requests to available thread execution resources. The execution resources include an array of graphics execution units to process the 3D and media threads. In some embodiments, 3D/Media subsystem 1615 includes one or more internal caches for thread instructions and data. In some embodiments, the subsystem also includes shared memory, including registers and addressable memory, to share data between threads and to store output data.

FIG. 12B illustrates a graphics processor 1620 having a tiled architecture, according to embodiments described herein. In one embodiment the graphics processor 1620 includes a graphics processing engine cluster 1622 having multiple instances of the graphics processing engine 1610 of FIG. 12A within a graphics engine tile 1610A-1610D. Each graphics engine tile 1610A-1610D can be interconnected via a set of tile interconnects 1623A-1623F. Each graphics engine tile 1610A-1610D can also be connected to a memory module or memory device 1626A-1626D via memory interconnects 1625A-1625D. The memory devices 1626A-1626D can use any graphics memory technology. For example, the memory devices 1626A-1626D may be graphics double data rate (GDDR) memory. The memory devices 1626A-1626D, in one embodiment, are high-bandwidth memory (HBM) modules that can be on-die with their respective graphics engine tile 1610A-1610D. In one embodiment the memory devices 1626A-1626D are stacked memory devices that can be stacked on top of their respective graphics engine tile 1610A-1610D. In one embodiment, each graphics engine tile 1610A-1610D and associated memory 1626A-1626D reside on separate chiplets, which are bonded to a base die or base substrate, as described on further detail in FIGS. 20B-20D.

The graphics processing engine cluster 1622 can connect with an on-chip or on-package fabric interconnect 1624. The fabric interconnect 1624 can enable communication between graphics engine tiles 1610A-1610D and components such as the video codec 1606 and one or more copy engines 1604. The copy engines 1604 can be used to move data out of, into, and between the memory devices 1626A-1626D and memory that is external to the graphics processor 1620 (e.g., system memory). The fabric interconnect 1624 can also be used to interconnect the graphics engine tiles 1610A-1610D. The graphics processor 1620 may optionally include a display controller 1602 to enable a connection with an external display device 1618. The graphics processor may also be configured as a graphics or compute accelerator. In the accelerator configuration, the display controller 1602 and display device 1618 may be omitted.

The graphics processor 1620 can connect to a host system via a host interface 1628. The host interface 1628 can enable communication between the graphics processor 1620, system memory, and/or other system components. The host interface 1628 can be, for example a PCI express bus or another type of host system interface.

FIG. 12C illustrates a compute accelerator 1630, according to embodiments described herein. The compute accelerator 1630 can include architectural similarities with the graphics processor 1620 of FIG. 12B and is optimized for compute acceleration. A compute engine cluster 1632 can include a set of compute engine tiles 1640A-1640D that include execution logic that is optimized for parallel or vector-based general-purpose compute operations. In some embodiments, the compute engine tiles 1640A-1640D do not include fixed function graphics processing logic, although in one embodiment one or more of the compute engine tiles 1640A-1640D can include logic to perform media acceleration. The compute engine tiles 1640A-1640D can connect to memory 1626A-1626D via memory interconnects 1625A-1625D. The memory 1626A-1626D and memory interconnects 1625A-1625D may be similar technology as in graphics processor 1620, or can be different. The graphics compute engine tiles 1640A-1640D can also be interconnected via a set of tile interconnects 1623A-1623F and may be connected with and/or interconnected by a fabric interconnect 1624. In one embodiment the compute accelerator 1630 includes a large L3 cache 1636 that can be configured as a device-wide cache. In some embodiments, the compute accelerator 1630 may encrypt data in a format that permits paging prior to storing data outside the compute engine cluster 1632 as described encryption conversion scheme with a paging process 1050 (FIG. 9E), the method 1090 (FIG. 9F) and method 1120 (FIG. 9G). The compute accelerator 1630 can also connect to a host processor and memory via a host interface 1628 in a similar manner as the graphics processor 1620 of FIG. 12B.

Graphics Processing Engine

FIG. 13 is a block diagram of a graphics processing engine 1710 of a graphics processor in accordance with some embodiments. In one embodiment, the graphics processing engine (GPE) 1710 is a version of the GPE 310 shown in FIG. 12A, and may also represent a graphics engine tile 310A-310D of FIG. 12B. Elements of FIG. 13 having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such. For example, the 3D pipeline 312 and media pipeline 316 of FIG. 12A are illustrated. The media pipeline 316 is optional in some embodiments of the GPE 1710 and may not be explicitly included within the GPE 1710. For example and in at least one embodiment, a separate media and/or image processor is coupled to the GPE 1710.

In some embodiments, GPE 1710 couples with or includes a command streamer 1703, which provides a command stream to the 3D pipeline 312 and/or media pipelines 316. In some embodiments, command streamer 1703 is coupled with memory, which can be system memory, or one or more of internal cache memory and shared cache memory. In some embodiments, command streamer 1703 receives commands from the memory and sends the commands to 3D pipeline 312 and/or media pipeline 316. The commands are directives fetched from a ring buffer, which stores commands for the 3D pipeline 312 and media pipeline 316. In one embodiment, the ring buffer can additionally include batch command buffers storing batches of multiple commands. The commands for the 3D pipeline 312 can also include references to data stored in memory, such as but not limited to vertex and geometry data for the 3D pipeline 312 and/or image data and memory objects for the media pipeline 316. The 3D pipeline 312 and media pipeline 316 process the commands and data by performing operations via logic within the respective pipelines or by dispatching one or more execution threads to a graphics core array 1714. In one embodiment the graphics core array 1714 include one or more blocks of graphics cores (e.g., graphics core(s) 1715A, graphics core(s) 1715B), each block including one or more graphics cores. Each graphics core includes a set of graphics execution resources that includes general-purpose and graphics specific execution logic to perform graphics and compute operations, as well as fixed function texture processing and/or machine learning and artificial intelligence acceleration logic.

In various embodiments the 3D pipeline 312 can include fixed function and programmable logic to process one or more shader programs, such as vertex shaders, geometry shaders, pixel shaders, fragment shaders, compute shaders, or other shader programs, by processing the instructions and dispatching execution threads to the graphics core array 1714. The graphics core array 1714 provides a unified block of execution resources for use in processing these shader programs. Multi-purpose execution logic (e.g., execution units) within the graphics core(s) 1715A-1714B of the graphic core array 1714 includes support for various 3D API shader languages and can execute multiple simultaneous execution threads associated with multiple shaders.

In some embodiments, the graphics core array 1714 includes execution logic to perform media functions, such as video and/or image processing. In one embodiment, the execution units include general-purpose logic that is programmable to perform parallel general-purpose computational operations, in addition to graphics processing operations. The general-purpose logic can perform processing operations in parallel or in conjunction with general-purpose logic within the processor core(s) 1407 of FIG. 10 or core 1502A-1502N as in FIG. 11A.

Output data generated by threads executing on the graphics core array 1714 can output data to memory in a unified return buffer (URB) 1718. The URB 1718 can store data for multiple threads. In some embodiments the URB 1718 may be used to send data between different threads executing on the graphics core array 1714. In some embodiments the URB 1718 may additionally be used for synchronization between threads on the graphics core array and fixed function logic within the shared function logic 1720.

In some embodiments, graphics core array 1714 is scalable, such that the array includes a variable number of graphics cores, each having a variable number of execution units based on the target power and performance level of GPE 1710. In one embodiment the execution resources are dynamically scalable, such that execution resources may be enabled or disabled as needed.

The graphics core array 1714 couples with shared function logic 1720 that includes multiple resources that are shared between the graphics cores in the graphics core array. The shared functions within the shared function logic 1720 are hardware logic units that provide specialized supplemental functionality to the graphics core array 1714. In various embodiments, shared function logic 1720 includes but is not limited to sampler 1721, math 1722, and inter-thread communication (ITC) 1723 logic. Additionally, some embodiments implement one or more cache(s) 1725 within the shared function logic 1720.

A shared function is implemented at least in a case where the demand for a given specialized function is insufficient for inclusion within the graphics core array 1714. Instead a single instantiation of that specialized function is implemented as a stand-alone entity in the shared function logic 1720 and shared among the execution resources within the graphics core array 1714. The precise set of functions that are shared between the graphics core array 1714 and included within the graphics core array 1714 varies across embodiments. In some embodiments, specific shared functions within the shared function logic 1720 that are used extensively by the graphics core array 1714 may be included within shared function logic 1716 within the graphics core array 1714. In various embodiments, the shared function logic 1716 within the graphics core array 1714 can include some or all logic within the shared function logic 1720. In one embodiment, all logic elements within the shared function logic 1720 may be duplicated within the shared function logic 1716 of the graphics core array 1714. In one embodiment the shared function logic 1720 is excluded in favor of the shared function logic 1716 within the graphics core array 1714.

Execution Units

FIGS. 14A-14B illustrate thread execution logic 1800 including an array of processing elements employed in a graphics processor core according to embodiments described herein. Elements of FIGS. 14A-14B having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such. FIG. 14A-14B illustrates an overview of thread execution logic 1800, which may be representative of hardware logic illustrated with each sub-core 221A-221F of FIG. 11B. FIG. 14A is representative of an execution unit within a general-purpose graphics processor, while FIG. 14B is representative of an execution unit that may be used within a compute accelerator.

As illustrated in FIG. 14A, in some embodiments thread execution logic 1800 includes a shader processor 1802, a thread dispatcher 1804, instruction cache 1806, a scalable execution unit array including a plurality of execution units 1808A-1808N, a sampler 1810, shared local memory 1811, a data cache 1812, and a data port 1814. In one embodiment the scalable execution unit array can dynamically scale by enabling or disabling one or more execution units (e.g., any of execution units 1808A, 1808B, 1808C, 1808D, through 1808N-1 and 1808N) based on the computational requirements of a workload. In one embodiment the included components are interconnected via an interconnect fabric that links to each of the components. In some embodiments, thread execution logic 1800 includes one or more connections to memory, such as system memory or cache memory, through one or more of instruction cache 1806, data port 1814, sampler 1810, and execution units 1808A-1808N. In some embodiments, each execution unit (e.g., 1808A) is a stand-alone programmable general-purpose computational unit that is capable of executing multiple simultaneous hardware threads while processing multiple data elements in parallel for each thread. In various embodiments, the array of execution units 1808A-1808N is scalable to include any number individual execution units.

In some embodiments, the execution units 1808A-1808N are primarily used to execute shader programs. A shader processor 1802 can process the various shader programs and dispatch execution threads associated with the shader programs via a thread dispatcher 1804. In one embodiment the thread dispatcher includes logic to arbitrate thread initiation requests from the graphics and media pipelines and instantiate the requested threads on one or more execution unit in the execution units 1808A-1808N. For example, a geometry pipeline can dispatch vertex, tessellation, or geometry shaders to the thread execution logic for processing. In some embodiments, thread dispatcher 1804 can also process runtime thread spawning requests from the executing shader programs.

In some embodiments, the execution units 1808A-1808N support an instruction set that includes native support for many standard 3D graphics shader instructions, such that shader programs from graphics libraries (e.g., Direct 3D and OpenGL) are executed with a minimal translation. The execution units support vertex and geometry processing (e.g., vertex programs, geometry programs, vertex shaders), pixel processing (e.g., pixel shaders, fragment shaders) and general-purpose processing (e.g., compute and media shaders). Each of the execution units 1808A-1808N is capable of multi-issue single instruction multiple data (SIMD) execution and multi-threaded operation enables an efficient execution environment in the face of higher latency memory accesses. Each hardware thread within each execution unit has a dedicated high-bandwidth register file and associated independent thread-state. Execution is multi-issue per clock to pipelines capable of integer, single and double precision floating point operations, SIMD branch capability, logical operations, transcendental operations, and other miscellaneous operations. While waiting for data from memory or one of the shared functions, dependency logic within the execution units 1808A-1808N causes a waiting thread to sleep until the requested data has been returned. While the waiting thread is sleeping, hardware resources may be devoted to processing other threads. For example, during a delay associated with a vertex shader operation, an execution unit can perform operations for a pixel shader, fragment shader, or another type of shader program, including a different vertex shader. Various embodiments can apply to use execution by use of Single Instruction Multiple Thread (SIMT) as an alternate to use of SIMD or in addition to use of SIMD. Reference to a SIMD core or operation can apply also to SIMT or apply to SIMD in combination with SIMT.

Each execution unit in execution units 1808A-1808N operates on arrays of data elements. The number of data elements is the “execution size,” or the number of channels for the instruction. An execution channel is a logical unit of execution for data element access, masking, and flow control within instructions. The number of channels may be independent of the number of physical Arithmetic Logic Units (ALUs) or Floating Point Units (FPUs) for a particular graphics processor. In some embodiments, execution units 1808A-1808N support integer and floating-point data types.

The execution unit instruction set includes SIMD instructions. The various data elements can be stored as a packed data type in a register and the execution unit will process the various elements based on the data size of the elements. For example, when operating on a 256-bit wide vector, the 256 bits of the vector are stored in a register and the execution unit operates on the vector as four separate 54-bit packed data elements (Quad-Word (QW) size data elements), eight separate 32-bit packed data elements (Double Word (DW) size data elements), sixteen separate 16-bit packed data elements (Word (W) size data elements), or thirty-two separate 8-bit data elements (byte (B) size data elements). However, different vector widths and register sizes are possible.

In one embodiment one or more execution units can be combined into a fused execution unit 1809A-1809N having thread control logic (1807A-1807N) that is common to the fused EUs. Multiple EUs can be fused into an EU group. Each EU in the fused EU group can be configured to execute a separate SIMD hardware thread. The number of EUs in a fused EU group can vary according to embodiments. Additionally, various SIMD widths can be performed per-EU, including but not limited to SIMD8, SIMD16, and SIMD32. Each fused graphics execution unit 1809A-1809N includes at least two execution units. For example, fused execution unit 1809A includes a first EU 1808A, second EU 1808B, and thread control logic 1807A that is common to the first EU 1808A and the second EU 1808B. The thread control logic 1807A controls threads executed on the fused graphics execution unit 1809A, allowing each EU within the fused execution units 1809A-1809N to execute using a common instruction pointer register.

One or more internal instruction caches (e.g., 1806) are included in the thread execution logic 1800 to cache thread instructions for the execution units. In some embodiments, one or more data caches (e.g., 1812) are included to cache thread data during thread execution. Threads executing on the execution logic 1800 can also store explicitly managed data in the shared local memory 1811. In some embodiments, a sampler 1810 is included to provide texture sampling for 3D operations and media sampling for media operations. In some embodiments, sampler 1810 includes specialized texture or media sampling functionality to process texture or media data during the sampling process before providing the sampled data to an execution unit.

During execution, the graphics and media pipelines send thread initiation requests to thread execution logic 1800 via thread spawning and dispatch logic. Once a group of geometric objects has been processed and rasterized into pixel data, pixel processor logic (e.g., pixel shader logic, fragment shader logic, etc.) within the shader processor 1802 is invoked to further compute output information and cause results to be written to output surfaces (e.g., color buffers, depth buffers, stencil buffers, etc.). In some embodiments, a pixel shader or fragment shader calculates the values of the various vertex attributes that are to be interpolated across the rasterized object. In some embodiments, pixel processor logic within the shader processor 1802 then executes an application programming interface (API)-supplied pixel or fragment shader program. To execute the shader program, the shader processor 1802 dispatches threads to an execution unit (e.g., 1808A) via thread dispatcher 1804. In some embodiments, shader processor 1802 uses texture sampling logic in the sampler 1810 to access texture data in texture maps stored in memory. Arithmetic operations on the texture data and the input geometry data compute pixel color data for each geometric fragment, or discards one or more pixels from further processing.

In some embodiments, the data port 1814 provides a memory access mechanism for the thread execution logic 1800 to output processed data to memory for further processing on a graphics processor output pipeline. In some embodiments, the data port 1814 includes or couples to one or more cache memories (e.g., data cache 1812) to cache data for memory access via the data port.

In one embodiment, the execution logic 1800 can also include a ray tracer 1805 that can provide ray tracing acceleration functionality. The ray tracer 1805 can support a ray tracing instruction set that includes instructions/functions for ray generation. The ray tracing instruction set can be similar to or different from the ray-tracing instruction set supported by the ray tracing cores 245 in FIG. 11C.

FIG. 14B illustrates exemplary internal details of an execution unit 1808, according to embodiments. A graphics execution unit 1808 can include an instruction fetch unit 1837, a general register file array (GRF) 1824, an architectural register file array (ARF) 1826, a thread arbiter 1822, a send unit 1830, a branch unit 1832, a set of SIMD floating point units (FPUs) 1834, and in one embodiment a set of dedicated integer SIND ALUs 1835. The GRF 1824 and ARF 1826 includes the set of general register files and architecture register files associated with each simultaneous hardware thread that may be active in the graphics execution unit 1808. In one embodiment, per thread architectural state is maintained in the ARF 1826, while data used during thread execution is stored in the GRF 1824. The execution state of each thread, including the instruction pointers for each thread, can be held in thread-specific registers in the ARF 1826.

In one embodiment the graphics execution unit 1808 has an architecture that is a combination of Simultaneous Multi-Threading (SMT) and fine-grained Interleaved Multi-Threading (IMT). The architecture has a modular configuration that can be fine-tuned at design time based on a target number of simultaneous threads and number of registers per execution unit, where execution unit resources are divided across logic used to execute multiple simultaneous threads. The number of logical threads that may be executed by the graphics execution unit 1808 is not limited to the number of hardware threads, and multiple logical threads can be assigned to each hardware thread.

In one embodiment, the graphics execution unit 1808 can co-issue multiple instructions, which may each be different instructions. The thread arbiter 1822 of the graphics execution unit thread 1808 can dispatch the instructions to one of the send unit 1830, branch unit 1832, or SIMD FPU(s) 1834 for execution. Each execution thread can access 128 general-purpose registers within the GRF 1824, where each register can store 32 bytes, accessible as a SIMD 8-element vector of 32-bit data elements. In one embodiment, each execution unit thread has access to 4 Kbytes within the GRF 1824, although embodiments are not so limited, and greater or fewer register resources may be provided in other embodiments. In one embodiment the graphics execution unit 1808 is partitioned into seven hardware threads that can independently perform computational operations, although the number of threads per execution unit can also vary according to embodiments. For example, in one embodiment up to 16 hardware threads are supported. In an embodiment in which seven threads may access 4 Kbytes, the GRF 1824 can store a total of 28 Kbytes. Where 16 threads may access 4 Kbytes, the GRF 1824 can store a total of 64 Kbytes. Flexible addressing modes can permit registers to be addressed together to build effectively wider registers or to represent strided rectangular block data structures.

In one embodiment, memory operations, sampler operations, and other longer-latency system communications are dispatched via “send” instructions that are executed by the message passing send unit 1830. In one embodiment, branch instructions are dispatched to a dedicated branch unit 1832 to facilitate SIMD divergence and eventual convergence.

In one embodiment the graphics execution unit 1808 includes one or more SIMD floating point units (FPU(s)) 1834 to perform floating-point operations. In one embodiment, the FPU(s) 1834 also support integer computation. In one embodiment the FPU(s) 1834 can SIMD execute up to M number of 32-bit floating-point (or integer) operations, or SIMD execute up to 2M 16-bit integer or 16-bit floating-point operations. In one embodiment, at least one of the FPU(s) provides extended math capability to support high-throughput transcendental math functions and double precision 54-bit floating-point. In some embodiments, a set of 8-bit integer SIMD ALUs 1835 are also present, and may be specifically optimized to perform operations associated with machine learning computations.

In one embodiment, arrays of multiple instances of the graphics execution unit 1808 can be instantiated in a graphics sub-core grouping (e.g., a sub-slice). For scalability, product architects can choose the exact number of execution units per sub-core grouping. In one embodiment the execution unit 1808 can execute instructions across a plurality of execution channels. In a further embodiment, each thread executed on the graphics execution unit 1808 is executed on a different channel.

FIG. 15 illustrates an additional execution unit 1900, according to an embodiment. The execution unit 1900 may be a compute-optimized execution unit for use in, for example, a compute engine tile 340A-340D as in FIG. 12C, but is not limited as such. Variants of the execution unit 1900 may also be used in a graphics engine tile 310A-310D as in FIG. 12B. In one embodiment, the execution unit 1900 includes a thread control unit 1901, a thread state unit 1902, an instruction fetch/prefetch unit 1903, and an instruction decode unit 1904. The execution unit 1900 additionally includes a register file 1906 that stores registers that can be assigned to hardware threads within the execution unit. The execution unit 1900 additionally includes a send unit 1907 and a branch unit 1908. In one embodiment, the send unit 1907 and branch unit 1908 can operate similarly as the send unit 1830 and a branch unit 1832 of the graphics execution unit 1808 of FIG. 14B.

The execution unit 1900 also includes a compute unit 1910 that includes multiple different types of functional units. In one embodiment the compute unit 1910 includes an ALU unit 1911 that includes an array of arithmetic logic units. The ALU unit 1911 can be configured to perform 64-bit, 32-bit, and 16-bit integer and floating point operations. Integer and floating point operations may be performed simultaneously. The compute unit 1910 can also include a systolic array 1912, and a math unit 1913. The systolic array 1912 includes a W wide and D deep network of data processing units that can be used to perform vector or other data-parallel operations in a systolic manner. In one embodiment the systolic array 1912 can be configured to perform matrix operations, such as matrix dot product operations. In one embodiment the systolic array 1912 support 16-bit floating point operations, as well as 8-bit and 4-bit integer operations. In one embodiment the systolic array 1912 can be configured to accelerate machine learning operations. In such embodiments, the systolic array 1912 can be configured with support for the bfloat 16-bit floating point format. In one embodiment, a math unit 1913 can be included to perform a specific subset of mathematical operations in an efficient and lower-power manner than then ALU unit 1911. The math unit 1913 can include a variant of math logic that may be found in shared function logic of a graphics processing engine provided by other embodiments (e.g., math logic 422 of the shared function logic 420 of FIG. 13). In one embodiment the math unit 1913 can be configured to perform 32-bit and 64-bit floating point operations.

The thread control unit 1901 includes logic to control the execution of threads within the execution unit. The thread control unit 1901 can include thread arbitration logic to start, stop, and preempt execution of threads within the execution unit 1900. The thread state unit 1902 can be used to store thread state for threads assigned to execute on the execution unit 1900. Storing the thread state within the execution unit 1900 enables the rapid pre-emption of threads when those threads become blocked or idle. The instruction fetch/prefetch unit 1903 can fetch instructions from an instruction cache of higher level execution logic (e.g., instruction cache 1806 as in FIG. 14A). The instruction fetch/prefetch unit 1903 can also issue prefetch requests for instructions to be loaded into the instruction cache based on an analysis of currently executing threads. The instruction decode unit 1904 can be used to decode instructions to be executed by the compute units. In one embodiment, the instruction decode unit 1904 can be used as a secondary decoder to decode complex instructions into constituent micro-operations.

The execution unit 1900 additionally includes a register file 1906 that can be used by hardware threads executing on the execution unit 1900. Registers in the register file 1906 can be divided across the logic used to execute multiple simultaneous threads within the compute unit 1910 of the execution unit 1900. The number of logical threads that may be executed by the graphics execution unit 1900 is not limited to the number of hardware threads, and multiple logical threads can be assigned to each hardware thread. The size of the register file 1906 can vary across embodiments based on the number of supported hardware threads. In one embodiment, register renaming may be used to dynamically allocate registers to hardware threads.

FIG. 16 is a block diagram illustrating a graphics processor instruction formats 2000 according to some embodiments. In one or more embodiment, the graphics processor execution units support an instruction set having instructions in multiple formats. The solid lined boxes illustrate the components that are generally included in an execution unit instruction, while the dashed lines include components that are optional or that are only included in a sub-set of the instructions. In some embodiments, instruction format 2000 described and illustrated are macro-instructions, in that they are instructions supplied to the execution unit, as opposed to micro-operations resulting from instruction decode once the instruction is processed.

In some embodiments, the graphics processor execution units natively support instructions in a 128-bit instruction format 2010. A 64-bit compacted instruction format 2030 is available for some instructions based on the selected instruction, instruction options, and number of operands. The native 128-bit instruction format 2010 provides access to all instruction options, while some options and operations are restricted in the 64-bit format 2030. The native instructions available in the 64-bit format 2030 vary by embodiment. In some embodiments, the instruction is compacted in part using a set of index values in an index field 2013. The execution unit hardware references a set of compaction tables based on the index values and uses the compaction table outputs to reconstruct a native instruction in the 128-bit instruction format 2010. Other sizes and formats of instruction can be used.

For each format, instruction opcode 2012 defines the operation that the execution unit is to perform. The execution units execute each instruction in parallel across the multiple data elements of each operand. For example, in response to an add instruction the execution unit performs a simultaneous add operation across each color channel representing a texture element or picture element. By default, the execution unit performs each instruction across all data channels of the operands. In some embodiments, instruction control field 2014 enables control over certain execution options, such as channels selection (e.g., predication) and data channel order (e.g., swizzle). For instructions in the 128-bit instruction format 2010 an exec-size field 2016 limits the number of data channels that will be executed in parallel. In some embodiments, exec-size field 2016 is not available for use in the 64-bit compact instruction format 2030.

Some execution unit instructions have up to three operands including two source operands, src0 2020, src1 2022, and one destination 2018. In some embodiments, the execution units support dual destination instructions, where one of the destinations is implied. Data manipulation instructions can have a third source operand (e.g., SRC2 2024), where the instruction opcode 2012 determines the number of source operands. An instruction's last source operand can be an immediate (e.g., hard-coded) value passed with the instruction.

In some embodiments, the 128-bit instruction format 2010 includes an access/address mode field 2026 specifying, for example, whether direct register addressing mode or indirect register addressing mode is used. When direct register addressing mode is used, the register address of one or more operands is directly provided by bits in the instruction.

In some embodiments, the 128-bit instruction format 2010 includes an access/address mode field 2026, which specifies an address mode and/or an access mode for the instruction. In one embodiment the access mode is used to define a data access alignment for the instruction. Some embodiments support access modes including a 16-byte aligned access mode and a 1-byte aligned access mode, where the byte alignment of the access mode determines the access alignment of the instruction operands. For example, when in a first mode, the instruction may use byte-aligned addressing for source and destination operands and when in a second mode, the instruction may use 16-byte-aligned addressing for all source and destination operands.

In one embodiment, the address mode portion of the access/address mode field 2026 determines whether the instruction is to use direct or indirect addressing. When direct register addressing mode is used bits in the instruction directly provide the register address of one or more operands. When indirect register addressing mode is used, the register address of one or more operands may be computed based on an address register value and an address immediate field in the instruction.

In some embodiments instructions are grouped based on opcode 2012 bit-fields to simplify Opcode decode 2040. For an 8-bit opcode, bits 4, 5, and 6 allow the execution unit to determine the type of opcode. The precise opcode grouping shown is merely an example. In some embodiments, a move and logic opcode group 2042 includes data movement and logic instructions (e.g., move (mov), compare (cmp)). In some embodiments, move and logic group 2042 shares the five most significant bits (MSB), where move (mov) instructions are in the form of 0000xxxxb and logic instructions are in the form of 0001xxxxb. A flow control instruction group 2044 (e.g., call, jump (jmp)) includes instructions in the form of 0010xxxxb (e.g., 0x20). A miscellaneous instruction group 2046 includes a mix of instructions, including synchronization instructions (e.g., wait, send) in the form of 0011xxxxb (e.g., 0x30). A parallel math instruction group 2048 includes component-wise arithmetic instructions (e.g., add, multiply (mul)) in the form of 0100xxxxb (e.g., 0x40). The parallel math group 2048 performs the arithmetic operations in parallel across data channels. The vector math group 2050 includes arithmetic instructions (e.g., dp4) in the form of 0101xxxxb (e.g., 0x50). The vector math group performs arithmetic such as dot product calculations on vector operands. The illustrated opcode decode 2040, in one embodiment, can be used to determine which portion of an execution unit will be used to execute a decoded instruction. For example, some instructions may be designated as systolic instructions that will be performed by a systolic array. Other instructions, such as ray-tracing instructions (not shown) can be routed to a ray-tracing core or ray-tracing logic within a slice or partition of execution logic.

Graphics Pipeline

FIG. 17 is a block diagram of another embodiment of a graphics processor 2100. Elements of FIG. 17 having the same reference numbers (or names) as the elements of any other figure herein can operate or function in any manner similar to that described elsewhere herein, but are not limited to such.

In some embodiments, graphics processor 2100 includes a geometry pipeline 2120, a media pipeline 2130, a display engine 2140, thread execution logic 2150, and a render output pipeline 2170. In some embodiments, graphics processor 2100 is a graphics processor within a multi-core processing system that includes one or more general-purpose processing cores. The graphics processor is controlled by register writes to one or more control registers (not shown) or via commands issued to graphics processor 2100 via a ring interconnect 2102. In some embodiments, ring interconnect 2102 couples graphics processor 2100 to other processing components, such as other graphics processors or general-purpose processors. Commands from ring interconnect 2102 are interpreted by a command streamer 2103, which supplies instructions to individual components of the geometry pipeline 2120 or the media pipeline 2130. In some embodiments, the graphics processor 2100 may implement aspects of the environment 700 (FIG. 8A), architecture 759 (FIG. 8B), process 760 (FIG. 8C), and method 780 (FIG. 8D).

In some embodiments, command streamer 2103 directs the operation of a vertex fetcher 2105 that reads vertex data from memory and executes vertex-processing commands provided by command streamer 2103. In some embodiments, vertex fetcher 2105 provides vertex data to a vertex shader 2107, which performs coordinate space transformation and lighting operations to each vertex. In some embodiments, vertex fetcher 2105 and vertex shader 2107 execute vertex-processing instructions by dispatching execution threads to execution units 2152A-2152B via a thread dispatcher 2131.

In some embodiments, execution units 2152A-2152B are an array of vector processors having an instruction set for performing graphics and media operations. In some embodiments, execution units 2152A-2152B have an attached L1 cache 2151 that is specific for each array or shared between the arrays. The cache can be configured as a data cache, an instruction cache, or a single cache that is partitioned to contain data and instructions in different partitions.

In some embodiments, geometry pipeline 2120 includes tessellation components to perform hardware-accelerated tessellation of 3D objects. In some embodiments, a programmable hull shader 2111 configures the tessellation operations. A programmable domain shader 2117 provides back-end evaluation of tessellation output. A tessellator 2113 operates at the direction of hull shader 2111 and contains special purpose logic to generate a set of detailed geometric objects based on a coarse geometric model that is provided as input to geometry pipeline 2120. In some embodiments, if tessellation is not used, tessellation components (e.g., hull shader 2111, tessellator 2113, and domain shader 2117) can be bypassed.

In some embodiments, complete geometric objects can be processed by a geometry shader 2119 via one or more threads dispatched to execution units 2152A-2152B, or can proceed directly to the clipper 2129. In some embodiments, the geometry shader operates on entire geometric objects, rather than vertices or patches of vertices as in previous stages of the graphics pipeline. If the tessellation is disabled the geometry shader 2119 receives input from the vertex shader 2107. In some embodiments, geometry shader 2119 is programmable by a geometry shader program to perform geometry tessellation if the tessellation units are disabled.

Before rasterization, a clipper 2129 processes vertex data. The clipper 2129 may be a fixed function clipper or a programmable clipper having clipping and geometry shader functions. In some embodiments, a rasterizer and depth test component 2173 in the render output pipeline 2170 dispatches pixel shaders to convert the geometric objects into per pixel representations. In some embodiments, pixel shader logic is included in thread execution logic 2150. In some embodiments, an application can bypass the rasterizer and depth test component 2173 and access un-rasterized vertex data via a stream out unit 2123.

The graphics processor 2100 has an interconnect bus, interconnect fabric, or some other interconnect mechanism that allows data and message passing amongst the major components of the processor. In some embodiments, execution units 2152A-2152B and associated logic units (e.g., L1 cache 2151, sampler 2154, texture cache 2158, etc.) interconnect via a data port 2156 to perform memory access and communicate with render output pipeline components of the processor. In some embodiments, sampler 2154, caches 2151, 2158 and execution units 2152A-2152B each have separate memory access paths. In one embodiment the texture cache 2158 can also be configured as a sampler cache.

In some embodiments, render output pipeline 2170 contains a rasterizer and depth test component 2173 that converts vertex-based objects into an associated pixel-based representation. In some embodiments, the rasterizer logic includes a windower/masker unit to perform fixed function triangle and line rasterization. An associated render cache 2178 and depth cache 2179 are also available in some embodiments. A pixel operations component 2177 performs pixel-based operations on the data, though in some instances, pixel operations associated with 2D operations (e.g., bit block image transfers with blending) are performed by the 2D engine 2141, or substituted at display time by the display controller 2143 using overlay display planes. In some embodiments, a shared L3 cache 2175 is available to all graphics components, allowing the sharing of data without the use of main system memory.

In some embodiments, graphics processor media pipeline 2130 includes a media engine 2137 and a video front-end 2134. In some embodiments, video front-end 2134 receives pipeline commands from the command streamer 2103. In some embodiments, media pipeline 2130 includes a separate command streamer. In some embodiments, video front-end 2134 processes media commands before sending the command to the media engine 2137. In some embodiments, media engine 2137 includes thread spawning functionality to spawn threads for dispatch to thread execution logic 2150 via thread dispatcher 2131.

In some embodiments, graphics processor 2100 includes a display engine 2140. In some embodiments, display engine 2140 is external to processor 2100 and couples with the graphics processor via the ring interconnect 2102, or some other interconnect bus or fabric. In some embodiments, display engine 2140 includes a 2D engine 2141 and a display controller 2143. In some embodiments, display engine 2140 contains special purpose logic capable of operating independently of the 3D pipeline. In some embodiments, display controller 2143 couples with a display device (not shown), which may be a system integrated display device, as in a laptop computer, or an external display device attached via a display device connector.

In some embodiments, the geometry pipeline 2120 and media pipeline 2130 are configurable to perform operations based on multiple graphics and media programming interfaces and are not specific to any one application programming interface (API). In some embodiments, driver software for the graphics processor translates API calls that are specific to a particular graphics or media library into commands that can be processed by the graphics processor. In some embodiments, support is provided for the Open Graphics Library (OpenGL), Open Computing Language (OpenCL), and/or Vulkan graphics and compute API, all from the Khronos Group. In some embodiments, support may also be provided for the Direct3D library from the Microsoft Corporation. In some embodiments, a combination of these libraries may be supported. Support may also be provided for the Open Source Computer Vision Library (OpenCV). A future API with a compatible 3D pipeline would also be supported if a mapping can be made from the pipeline of the future API to the pipeline of the graphics processor.

Graphics Pipeline Programming

FIG. 18A is a block diagram illustrating a graphics processor command format 2200 according to some embodiments. FIG. 18B is a block diagram illustrating a graphics processor command sequence 2210 according to an embodiment. The solid lined boxes in FIG. 18A illustrate the components that are generally included in a graphics command while the dashed lines include components that are optional or that are only included in a sub-set of the graphics commands. The exemplary graphics processor command format 2200 of FIG. 18A includes data fields to identify a client 2202, a command operation code (opcode) 2204, and data 2206 for the command. A sub-opcode 2205 and a command size 2208 are also included in some commands.

In some embodiments, client 2202 specifies the client unit of the graphics device that processes the command data. In some embodiments, a graphics processor command parser examines the client field of each command to condition the further processing of the command and route the command data to the appropriate client unit. In some embodiments, the graphics processor client units include a memory interface unit, a render unit, a 2D unit, a 3D unit, and a media unit. Each client unit has a corresponding processing pipeline that processes the commands. Once the command is received by the client unit, the client unit reads the opcode 2204 and, if present, sub-opcode 2205 to determine the operation to perform. The client unit performs the command using information in data field 2206. For some commands an explicit command size 2208 is expected to specify the size of the command. In some embodiments, the command parser automatically determines the size of at least some of the commands based on the command opcode. In some embodiments commands are aligned via multiples of a double word. Other command formats can be used.

The flow diagram in FIG. 18B illustrates an exemplary graphics processor command sequence 2210. In some embodiments, software or firmware of a data processing system that features an embodiment of a graphics processor uses a version of the command sequence shown to set up, execute, and terminate a set of graphics operations. A sample command sequence is shown and described for purposes of example only as embodiments are not limited to these specific commands or to this command sequence. Moreover, the commands may be issued as batch of commands in a command sequence, such that the graphics processor will process the sequence of commands in at least partially concurrence.

In some embodiments, the graphics processor command sequence 2210 may begin with a pipeline flush command 2212 to cause any active graphics pipeline to complete the currently pending commands for the pipeline. In some embodiments, the 3D pipeline 2222 and the media pipeline 2224 do not operate concurrently. The pipeline flush is performed to cause the active graphics pipeline to complete any pending commands. In response to a pipeline flush, the command parser for the graphics processor will pause command processing until the active drawing engines complete pending operations and the relevant read caches are invalidated. Optionally, any data in the render cache that is marked ‘dirty’ can be flushed to memory. In some embodiments, pipeline flush command 2212 can be used for pipeline synchronization or before placing the graphics processor into a low power state.

In some embodiments, a pipeline select command 2213 is used when a command sequence requires the graphics processor to explicitly switch between pipelines. In some embodiments, a pipeline select command 2213 is required only once within an execution context before issuing pipeline commands unless the context is to issue commands for both pipelines. In some embodiments, a pipeline flush command 2212 is required immediately before a pipeline switch via the pipeline select command 2213.

In some embodiments, a pipeline control command 2214 configures a graphics pipeline for operation and is used to program the 3D pipeline 2222 and the media pipeline 2224. In some embodiments, pipeline control command 2214 configures the pipeline state for the active pipeline. In one embodiment, the pipeline control command 2214 is used for pipeline synchronization and to clear data from one or more cache memories within the active pipeline before processing a batch of commands.

In some embodiments, return buffer state commands 2216 are used to configure a set of return buffers for the respective pipelines to write data. Some pipeline operations require the allocation, selection, or configuration of one or more return buffers into which the operations write intermediate data during processing. In some embodiments, the graphics processor also uses one or more return buffers to store output data and to perform cross thread communication. In some embodiments, the return buffer state commands 2216 select the size and number of return buffers to use for a set of pipeline operations.

The remaining commands in the command sequence differ based on the active pipeline for operations. Based on a pipeline determination 2220, the command sequence is tailored to the 3D pipeline 2222 beginning with the 3D pipeline state 2230 or the media pipeline 2224 beginning at the media pipeline state 2240.

The commands to configure the 3D pipeline state 2230 include 3D state setting commands for vertex buffer state, vertex element state, constant color state, depth buffer state, and other state variables that are to be configured before 3D primitive commands are processed. The values of these commands are determined at least in part based on the particular 3D API in use. In some embodiments, 3D pipeline state 2230 commands are also able to selectively disable or bypass certain pipeline elements if those elements will not be used.

In some embodiments, 3D primitive 2232 command is used to submit 3D primitives to be processed by the 3D pipeline. Commands and associated parameters that are passed to the graphics processor via the 3D primitive 2232 command are forwarded to the vertex fetch function in the graphics pipeline. The vertex fetch function uses the 3D primitive 2232 command data to generate vertex data structures. The vertex data structures are stored in one or more return buffers. In some embodiments, 3D primitive 2232 command is used to perform vertex operations on 3D primitives via vertex shaders. To process vertex shaders, 3D pipeline 2222 dispatches shader execution threads to graphics processor execution units.

In some embodiments, 3D pipeline 2222 is triggered via an execute 2234 command or event. In some embodiments, a register write triggers command execution. In some embodiments execution is triggered via a ‘go’ or ‘kick’ command in the command sequence. In one embodiment, command execution is triggered using a pipeline synchronization command to flush the command sequence through the graphics pipeline. The 3D pipeline will perform geometry processing for the 3D primitives. Once operations are complete, the resulting geometric objects are rasterized and the pixel engine colors the resulting pixels. Additional commands to control pixel shading and pixel back end operations may also be included for those operations.

In some embodiments, the graphics processor command sequence 2210 follows the media pipeline 2224 path when performing media operations. In general, the specific use and manner of programming for the media pipeline 2224 depends on the media or compute operations to be performed. Specific media decode operations may be offloaded to the media pipeline during media decode. In some embodiments, the media pipeline can also be bypassed and media decode can be performed in whole or in part using resources provided by one or more general-purpose processing cores. In one embodiment, the media pipeline also includes elements for general-purpose graphics processor unit (GPGPU) operations, where the graphics processor is used to perform SIMD vector operations using computational shader programs that are not explicitly related to the rendering of graphics primitives.

In some embodiments, media pipeline 2224 is configured in a similar manner as the 3D pipeline 2222. A set of commands to configure the media pipeline state 2240 are dispatched or placed into a command queue before the media object commands 2242. In some embodiments, commands for the media pipeline state 2240 include data to configure the media pipeline elements that will be used to process the media objects. This includes data to configure the video decode and video encode logic within the media pipeline, such as encode or decode format. In some embodiments, commands for the media pipeline state 2240 also support the use of one or more pointers to “indirect” state elements that contain a batch of state settings.

In some embodiments, media object commands 2242 supply pointers to media objects for processing by the media pipeline. The media objects include memory buffers containing video data to be processed. In some embodiments, all media pipeline states must be valid before issuing a media object command 2242. Once the pipeline state is configured and media object commands 2242 are queued, the media pipeline 2224 is triggered via an execute command 2244 or an equivalent execute event (e.g., register write). Output from media pipeline 2224 may then be post processed by operations provided by the 3D pipeline 2222 or the media pipeline 2224. In some embodiments, GPGPU operations are configured and executed in a similar manner as media operations.

Graphics Software Architecture

FIG. 19 illustrates an exemplary graphics software architecture for a data processing system 2300 according to some embodiments. In some embodiments, software architecture includes a 3D graphics application 2310, an operating system 2320, and at least one processor 2330. In some embodiments, processor 2330 includes a graphics processor 2332 and one or more general-purpose processor core(s) 2334. The graphics application 2310 and operating system 2320 each execute in the system memory 2350 of the data processing system.

In some embodiments, 3D graphics application 2310 contains one or more shader programs including shader instructions 2312. The shader language instructions may be in a high-level shader language, such as the High-Level Shader Language (HLSL) of Direct3D, the OpenGL Shader Language (GLSL), and so forth. The application also includes executable instructions 2314 in a machine language suitable for execution by the general-purpose processor core 2334. The application also includes graphics objects 2316 defined by vertex data.

In some embodiments, operating system 2320 is a Microsoft® Windows® operating system from the Microsoft Corporation, a proprietary UNIX-like operating system, or an open source UNIX-like operating system using a variant of the Linux kernel. The operating system 2320 can support a graphics API 2322 such as the Direct3D API, the OpenGL API, or the Vulkan API. When the Direct3D API is in use, the operating system 2320 uses a front-end shader compiler 2324 to compile any shader instructions 2312 in HLSL into a lower-level shader language. The compilation may be a just-in-time (JIT) compilation or the application can perform shader pre-compilation. In some embodiments, high-level shaders are compiled into low-level shaders during the compilation of the 3D graphics application 2310. In some embodiments, the shader instructions 2312 are provided in an intermediate form, such as a version of the Standard Portable Intermediate Representation (SPIR) used by the Vulkan API.

In some embodiments, user mode graphics driver 2326 contains a back-end shader compiler 2327 to convert the shader instructions 2312 into a hardware specific representation. When the OpenGL API is in use, shader instructions 2312 in the GLSL high-level language are passed to a user mode graphics driver 2326 for compilation. In some embodiments, user mode graphics driver 2326 uses operating system kernel mode functions 2328 to communicate with a kernel mode graphics driver 2329. In some embodiments, kernel mode graphics driver 2329 communicates with graphics processor 2332 to dispatch commands and instructions.

IP Core Implementations

One or more aspects of at least one embodiment may be implemented by representative code stored on a machine-readable medium which represents and/or defines logic within an integrated circuit such as a processor. For example, the machine-readable medium may include instructions which represent various logic within the processor. When read by a machine, the instructions may cause the machine to fabricate the logic to perform the techniques described herein. Such representations, known as “IP cores,” are reusable units of logic for an integrated circuit that may be stored on a tangible, machine-readable medium as a hardware model that describes the structure of the integrated circuit. The hardware model may be supplied to various customers or manufacturing facilities, which load the hardware model on fabrication machines that manufacture the integrated circuit. The integrated circuit may be fabricated such that the circuit performs operations described in association with any of the embodiments described herein.

FIG. 20A is a block diagram illustrating an IP core development system 2400 that may be used to manufacture an integrated circuit to perform operations according to an embodiment. The IP core development system 2400 may be used to generate modular, re-usable designs that can be incorporated into a larger design or used to construct an entire integrated circuit (e.g., an SOC integrated circuit). A design facility 2430 can generate a software simulation 2410 of an IP core design in a high-level programming language (e.g., C/C++). The software simulation 2410 can be used to design, test, and verify the behavior of the IP core using a simulation model 2412. The simulation model 2412 may include functional, behavioral, and/or timing simulations. A register transfer level (RTL) design 2415 can then be created or synthesized from the simulation model 2412. The RTL design 2415 is an abstraction of the behavior of the integrated circuit that models the flow of digital signals between hardware registers, including the associated logic performed using the modeled digital signals. In addition to an RTL design 2415, lower-level designs at the logic level or transistor level may also be created, designed, or synthesized. Thus, the particular details of the initial design and simulation may vary.

The RTL design 2415 or equivalent may be further synthesized by the design facility into a hardware model 2420, which may be in a hardware description language (HDL), or some other representation of physical design data. The HDL may be further simulated or tested to verify the IP core design. The IP core design can be stored for delivery to a 3rd party fabrication facility 2465 using non-volatile memory 2440 (e.g., hard disk, flash memory, or any non-volatile storage medium). Alternatively, the IP core design may be transmitted (e.g., via the Internet) over a wired connection 2450 or wireless connection 2460. The fabrication facility 2465 may then fabricate an integrated circuit that is based at least in part on the IP core design. The fabricated integrated circuit can be configured to perform operations in accordance with at least one embodiment described herein. Some embodiments may generate an IP core design for aspects of the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C), and/or the method 840 (FIG. 7D) already discussed. Some embodiments may further relate to performance enhanced computing architecture 3400 (FIG. 6G), entry 3402 (FIG. 6H), and method 3500 (FIG. 6I) already discussed.

FIG. 20B illustrates a cross-section side view of an integrated circuit package assembly 2470, according to some embodiments described herein. The integrated circuit package assembly 2470 may implement aspects of the architecture 1150 (FIG. 7A), method 1190 (FIG. 7B), method 810 (FIG. 7C), and/or the method 840 (FIG. 7D) already discussed, and further to include a CCE (FIG. 7A). The integrated circuit package assembly 2470 illustrates an implementation of one or more processor or accelerator devices as described herein. The package assembly 2470 includes multiple units of hardware logic 2472, 2474 connected to a substrate 2480. The logic 2472, 2474 may be implemented at least partly in configurable logic or fixed-functionality logic hardware, and can include one or more portions of any of the processor core(s), graphics processor(s), or other accelerator devices described herein. Each unit of logic 2472, 2474 can be implemented within a semiconductor die and coupled with the substrate 2480 via an interconnect structure 2473. The interconnect structure 2473 may be configured to route electrical signals between the logic 2472, 2474 and the substrate 2480, and can include interconnects such as, but not limited to bumps or pillars. In some embodiments, the interconnect structure 2473 may be configured to route electrical signals such as, for example, input/output (I/O) signals and/or power or ground signals associated with the operation of the logic 2472, 2474. In some embodiments, the substrate 2480 is an epoxy-based laminate substrate. The substrate 2480 may include other suitable types of substrates in other embodiments. The package assembly 2470 can be connected to other electrical devices via a package interconnect 2483. The package interconnect 2483 may be coupled to a surface of the substrate 2480 to route electrical signals to other electrical devices, such as a motherboard, other chipset, or multi-chip module.

In some embodiments, the units of logic 2472, 2474 are electrically coupled with a bridge 2482 that is configured to route electrical signals between the logic 2472, 2474. The bridge 2482 may be a dense interconnect structure that provides a route for electrical signals. The bridge 2482 may include a bridge substrate composed of glass or a suitable semiconductor material. Electrical routing features can be formed on the bridge substrate to provide a chip-to-chip connection between the logic 2472, 2474.

Although two units of logic 2472, 2474 and a bridge 2482 are illustrated, embodiments described herein may include more or fewer logic units on one or more dies. The one or more dies may be connected by zero or more bridges, as the bridge 2482 may be excluded when the logic is included on a single die. Alternatively, multiple dies or units of logic can be connected by one or more bridges. Additionally, multiple logic units, dies, and bridges can be connected together in other possible configurations, including three-dimensional configurations.

FIG. 20C illustrates a package assembly 2490 that includes multiple units of hardware logic chiplets connected to a substrate 2480 (e.g., base die). A graphics processing unit, parallel processor, and/or compute accelerator as described herein can be composed from diverse silicon chiplets that are separately manufactured. In this context, a chiplet is an at least partially packaged integrated circuit that includes distinct units of logic that can be assembled with other chiplets into a larger package. A diverse set of chiplets with different IP core logic can be assembled into a single device. Additionally the chiplets can be integrated into a base die or base chiplet using active interposer technology. The concepts described herein enable the interconnection and communication between the different forms of IP within the GPU. IP cores can be manufactured using different process technologies and composed during manufacturing, which avoids the complexity of converging multiple IPs, especially on a large SoC with several flavors IPs, to the same manufacturing process. Enabling the use of multiple process technologies improves the time to market and provides a cost-effective way to create multiple product SKUs. Additionally, the disaggregated IPs are more amenable to being power gated independently, components that are not in use on a given workload can be powered off, reducing overall power consumption.

The hardware logic chiplets can include special purpose hardware logic chiplets 2472, logic or I/O chiplets 2474, and/or memory chiplets 2475. The hardware logic chiplets 2472 and logic or I/O chiplets 2474 may be implemented at least partly in configurable logic or fixed-functionality logic hardware and can include one or more portions of any of the processor core(s), graphics processor(s), parallel processors, or other accelerator devices described herein. The memory chiplets 2475 can be DRAM (e.g., GDDR, HBM) memory or cache (SRAM) memory.

Each chiplet can be fabricated as separate semiconductor die and coupled with the substrate 2480 via an interconnect structure 2473. The interconnect structure 2473 may be configured to route electrical signals between the various chiplets and logic within the substrate 2480. The interconnect structure 2473 can include interconnects such as, but not limited to bumps or pillars. In some embodiments, the interconnect structure 2473 may be configured to route electrical signals such as, for example, input/output (I/O) signals and/or power or ground signals associated with the operation of the logic, I/O and memory chiplets.

In some embodiments, the substrate 2480 is an epoxy-based laminate substrate. The substrate 2480 may include other suitable types of substrates in other embodiments. The package assembly 2490 can be connected to other electrical devices via a package interconnect 2483. The package interconnect 2483 may be coupled to a surface of the substrate 2480 to route electrical signals to other electrical devices, such as a motherboard, other chipset, or multi-chip module.

In some embodiments, a logic or I/O chiplet 2474 and a memory chiplet 2475 can be electrically coupled via a bridge 2487 that is configured to route electrical signals between the logic or I/O chiplet 2474 and a memory chiplet 2475. The bridge 2487 may be a dense interconnect structure that provides a route for electrical signals. The bridge 2487 may include a bridge substrate composed of glass or a suitable semiconductor material. Electrical routing features can be formed on the bridge substrate to provide a chip-to-chip connection between the logic or I/O chiplet 2474 and a memory chiplet 2475. The bridge 2487 may also be referred to as a silicon bridge or an interconnect bridge. For example, the bridge 2487, in some embodiments, is an Embedded Multi-die Interconnect Bridge (EMIB). In some embodiments, the bridge 2487 may simply be a direct connection from one chiplet to another chiplet.

The substrate 2480 can include hardware components for I/O 2491, cache memory 2492, and other hardware logic 2493. A fabric 2485 can be embedded in the substrate 2480 to enable communication between the various logic chiplets and the logic 2491, 2493 within the substrate 2480. In one embodiment, the I/O 2491, fabric 2485, cache, bridge, and other hardware logic 2493 can be integrated into a base die that is layered on top of the substrate 2480.

In various embodiments a package assembly 2490 can include fewer or greater number of components and chiplets that are interconnected by a fabric 2485 or one or more bridges 2487. The chiplets within the package assembly 2490 may be arranged in a 3D or 2.5D arrangement. In general, bridge structures 2487 may be used to facilitate a point to point interconnect between, for example, logic or I/O chiplets and memory chiplets. The fabric 2485 can be used to interconnect the various logic and/or I/O chiplets (e.g., chiplets 2472, 2474, 2491, 2493). with other logic and/or I/O chiplets. In one embodiment, the cache memory 2492 within the substrate can act as a global cache for the package assembly 2490, part of a distributed global cache, or as a dedicated cache for the fabric 2485.

FIG. 20D illustrates a package assembly 2494 including interchangeable chiplets 2495, according to an embodiment. The interchangeable chiplets 2495 can be assembled into standardized slots on one or more base chiplets 2496, 2498. The base chiplets 2496, 2498 can be coupled via a bridge interconnect 2497, which can be similar to the other bridge interconnects described herein and may be, for example, an EMIB. Memory chiplets can also be connected to logic or I/O chiplets via a bridge interconnect. I/O and logic chiplets can communicate via an interconnect fabric. The base chiplets can each support one or more slots in a standardized format for one of logic or I/O or memory/cache.

In one embodiment, SRAM and power delivery circuits can be fabricated into one or more of the base chiplets 2496, 2498, which can be fabricated using a different process technology relative to the interchangeable chiplets 2495 that are stacked on top of the base chiplets. For example, the base chiplets 2496, 2498 can be fabricated using a larger process technology, while the interchangeable chiplets can be manufactured using a smaller process technology. One or more of the interchangeable chiplets 2495 may be memory (e.g., DRAM) chiplets. Different memory densities can be selected for the package assembly 2494 based on the power, and/or performance targeted for the product that uses the package assembly 2494. Additionally, logic chiplets with a different number of type of functional units can be selected at time of assembly based on the power, and/or performance targeted for the product. Additionally, chiplets containing IP logic cores of differing types can be inserted into the interchangeable chiplet slots, enabling hybrid processor designs that can mix and match different technology IP blocks.

Exemplary System on a Chip Integrated Circuit

FIGS. 21-22B illustrate exemplary integrated circuits and associated graphics processors that may be fabricated using one or more IP cores, according to various embodiments described herein. In addition to what is illustrated, other logic and circuits may be included, including additional graphics processors/cores, peripheral interface controllers, or general-purpose processor cores.

FIG. 21 is a block diagram illustrating an exemplary system on a chip integrated circuit 1200 that may be fabricated using one or more IP cores, according to an embodiment. Exemplary integrated circuit 1200 includes one or more application processor(s) 1205 (e.g., CPUs), at least one graphics processor 1210, and may additionally include an image processor 1215 and/or a video processor 1220, any of which may be a modular IP core from the same or multiple different design facilities. Integrated circuit 1200 includes peripheral or bus logic including a USB controller 1225, UART controller 1230, an SPI/SDIO controller 1235, and an I2S/I2C controller 1240. Additionally, the integrated circuit can include a display device 1245 coupled to one or more of a high-definition multimedia interface (HDMI) controller 1250 and a mobile industry processor interface (MIPI) display interface 1255. Storage may be provided by a flash memory subsystem 1260 including flash memory and a flash memory controller. Memory interface may be provided via a memory controller 1265 for access to SDRAM or SRAM memory devices. Some integrated circuits additionally include an embedded security engine 1270.

FIGS. 22A-22B are block diagrams illustrating exemplary graphics processors for use within an SoC, according to embodiments described herein. FIG. 22A illustrates an exemplary graphics processor 1310 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment. FIG. 22B illustrates an additional exemplary graphics processor 1340 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment. Graphics processor 1310 of FIG. 22A is an example of a low power graphics processor core. Graphics processor 1340 of FIG. 22B is an example of a higher performance graphics processor core. Each of the graphics processors 1310, 1340 can be variants of the graphics processor 1210 of FIG. 21.

FIGS. 22A-22B are block diagrams illustrating exemplary graphics processors for use within an SoC, according to embodiments described herein. FIG. 22A illustrates an exemplary graphics processor 2610 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment. FIG. 22B illustrates an additional exemplary graphics processor 2640 of a system on a chip integrated circuit that may be fabricated using one or more IP cores, according to an embodiment. Graphics processor 2610 of FIG. 22A is an example of a low power graphics processor core. Graphics processor 2640 of FIG. 22B is an example of a higher performance graphics processor core. Each of the graphics processors 2610, 2640 can be variants of the graphics processor 2510 of FIG. 21.

As shown in FIG. 22A, graphics processor 2610 includes a vertex processor 2605 and one or more fragment processor(s) 2615A-2615N (e.g., 2615A, 2615B, 2615C, 2615D, through 2615N-1, and 2615N). Graphics processor 2610 can execute different shader programs via separate logic, such that the vertex processor 2605 is optimized to execute operations for vertex shader programs, while the one or more fragment processor(s) 2615A-2615N execute fragment (e.g., pixel) shading operations for fragment or pixel shader programs. The vertex processor 2605 performs the vertex processing stage of the 3D graphics pipeline and generates primitives and vertex data. The fragment processor(s) 2615A-2615N use the primitive and vertex data generated by the vertex processor 2605 to produce a framebuffer that is displayed on a display device. In one embodiment, the fragment processor(s) 2615A-2615N are optimized to execute fragment shader programs as provided for in the OpenGL API, which may be used to perform similar operations as a pixel shader program as provided for in the Direct 3D API. In some embodiments, the GPU 2610 may operate similarly to the GPU 1152 (FIG. 7A).

Graphics processor 2610 additionally includes one or more memory management units (MMUs) 2620A-2620B, cache(s) 2625A-2625B, and circuit interconnect(s) 2630A-2630B. The one or more MMU(s) 2620A-2620B provide for virtual to physical address mapping for the graphics processor 2610, including for the vertex processor 2605 and/or fragment processor(s) 2615A-2615N, which may reference vertex or image/texture data stored in memory, in addition to vertex or image/texture data stored in the one or more cache(s) 2625A-2625B. In one embodiment the one or more MMU(s) 2620A-2620B may be synchronized with other MMUs within the system, including one or more MMUs associated with the one or more application processor(s) 2505, image processor 2515, and/or video processor 2520 of FIG. 21, such that each processor 2505-2520 can participate in a shared or unified virtual memory system. The one or more circuit interconnect(s) 2630A-2630B enable graphics processor 2610 to interface with other IP cores within the SoC, either via an internal bus of the SoC or via a direct connection, according to embodiments.

As shown FIG. 22B, graphics processor 2640 includes the one or more MMU(s) 2620A-2620B, cache(s) 2625A-2625B, and circuit interconnect(s) 2630A-2630B of the graphics processor 2610 of FIG. 22A. Graphics processor 2640 includes one or more shader core(s) 2655A-2655N (e.g., 2655A, 2655B, 2655C, 2655D, 2655E, 2655F, through 2655N-1, and 2655N), which provides for a unified shader core architecture in which a single core or type or core can execute all types of programmable shader code, including shader program code to implement vertex shaders, fragment shaders, and/or compute shaders. The exact number of shader cores present can vary among embodiments and implementations. Additionally, graphics processor 2640 includes an inter-core task manager 2645, which acts as a thread dispatcher to dispatch execution threads to one or more shader cores 2655A-2655N and a tiling unit 2658 to accelerate tiling operations for tile-based rendering, in which rendering operations for a scene are subdivided in image space, for example to exploit local spatial coherence within a scene or to optimize use of internal caches.

ADDITIONAL NOTES AND EXAMPLES

Example A1 includes a computing system comprising a graphics processor including a plurality of cores including lanes and encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to process thread data with the lanes, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.

Example A2 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.

Example A3 includes the computing system of Example A2, wherein the instructions, when executed, cause the computing system to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.

Example A4 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to verify credentials of a thread, and assign a key to the thread based on the credentials.

Example A5 includes the computing system of Example A1, wherein the instructions, when executed, cause the computing system to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.

Example A6 includes the computing system of any one of Examples A1 to A5, wherein the graphics processor is to be a single instruction, multiple data architecture.

Example A7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to process thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.

Example A8 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.

Example A9 includes the apparatus of Example A8, wherein the logic coupled to the one or more substrates is to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.

Example A10 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to verify credentials of a thread, and assign a key to the thread based on the credentials.

Example A11 includes the apparatus of Example A7, wherein the logic coupled to the one or more substrates is to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.

Example A12 includes the apparatus of any one of Examples A7 to A11, wherein the graphics processor is to be a single instruction, multiple data architecture.

Example A13 includes the apparatus of any one of Examples A7 to A11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example A14 includes At least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to process thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is to be associated with a different encryption engine of the encryption engines, and encrypt, with the encryption engines, the lanes according to a plurality of different encryption keys.

Example A15 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to identify that a first thread is to be associated with a first context, identify a first key associated with the first context, and encrypt, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.

Example A16 the at least one computer readable storage medium of Example A15, wherein the instructions, when executed, cause the computing device to identify that a second thread is to be associated with a second context, identify a second key associated with the second context, and encrypt, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.

Example A17 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to verify credentials of a thread, and assign a key to the thread based on the credentials.

Example A18 includes the at least one computer readable storage medium of Example A14, wherein the instructions, when executed, cause the computing device to concatenate data associated with a same encryption key, wherein the data is to originate from a plurality of the lanes.

Example A19 includes the at least one computer readable storage medium of any one of Examples A14 to A18, wherein the graphics processor is to be a single instruction, multiple data architecture.

Example A20 includes a method comprising processing thread data with lanes of a plurality of cores of a graphics processor, wherein the plurality of cores include encryption engines, wherein each of the lanes is associated with a different encryption engine of the encryption engines, and encrypting, with the encryption engines, the lanes according to a plurality of different encryption keys.

Example A21 includes the method of Example A20, further comprising identifying that a first thread is associated with a first context, identifying a first key associated with the first context, and encrypting, with a first encryption engine of the encryption engines, first data associated with the first thread based on the first key.

Example A22 includes the method of Example A21, further comprising identifying that a second thread is associated with a second context, identifying a second key associated with the second context, and encrypting, with a second encryption engine, second data associated with the second thread based on the second key concurrently with the encryption of the first data.

Example A23 includes the method of Example A20, further comprising verifying credentials of a thread, and assigning a key to the thread based on the credentials.

Example A24 includes the method of Example A20, further comprising concatenating data associated with a same encryption key, wherein the data originates from a plurality of the lanes.

Example A25 includes the method of any one of Examples A20 to A24, wherein the graphics processor is a single instruction, multiple data architecture.

Example A26 includes an apparatus comprising means for performing the method of any one of Examples A20 to A25.

Example B1 includes a computing system comprising a graphics processor, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to identify a plurality of claims associated with a same content, wherein the plurality of claims are to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.

Example B2 includes the computing system of Example B1, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.

Example B3 includes the computing system of Example B2, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.

Example B4 includes the computing system of Example B1, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.

Example B5 includes the computing system of Example B1, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.

Example B6 includes the computing system of any one of Examples B1 to B5, wherein the instructions, when executed, cause the computing system to execute a machine learning algorithm to determine the authenticity score.

Example B7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to identify a plurality of claims associated with a same content, wherein the plurality of claims are to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.

Example B8 includes the apparatus of Example B7, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.

Example B9 includes the apparatus of claim B8, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.

Example B10 includes the apparatus of Example B7, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.

Example B11 includes the apparatus of Example B7, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.

Example B12 includes the apparatus of any one of Examples B7 to B11, wherein the logic coupled to the one or more substrates is to execute a machine learning algorithm to determine the authenticity score.

Example B13 includes the apparatus of any one of Examples B7 to B11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example B14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to identify a plurality of claims associated with a same content, wherein the plurality of claims is to originate from a plurality of sources, and determine an authenticity score for the content based on the plurality of claims.

Example B15 includes the at least one computer readable storage medium of Example B14, wherein each respective claim of the plurality of claims is to include an indication of whether the same content is authentic or fake.

Example B16 includes the at least one computer readable storage medium of Example B15, wherein one or more of the claims is to include an identification of a machine learning model that generated the indication.

Example B17 includes the at least one computer readable storage medium of Example B14, wherein one or more of the claims is to include a non-machine learning reproductive algorithm that is to reproduce the same content.

Example B18 includes the at least one computer readable storage medium of Example B14, wherein one or more of the claims is to include a machine learning reproductive algorithm that is to reproduce the same content.

Example B19 includes the at least one computer readable storage medium of any one of Examples B14 to B18, wherein, wherein the instructions, when executed, cause the computing system to execute a machine learning algorithm to determine the authenticity score.

Example B20 includes a method comprising identifying a plurality of claims associated with a same content, wherein the plurality of claims originate from a plurality of sources, and determining an authenticity score for the content based on the plurality of claims.

Example B21 includes the method of Example B20, wherein each respective claim of the plurality of claims includes an indication of whether the same content is authentic or fake.

Example B22 includes the method of Example B21, wherein one or more of the claims includes an identification of a machine learning model that generated the indication.

Example B23 includes the method of Example B20, wherein one or more of the claims include a non-machine learning reproductive algorithm that reproduced the same content.

Example B24 includes the method of Example B20, wherein one or more of the claims includes a machine learning reproductive algorithm that reproduced the same content.

Example B25 includes the method of any one of Examples B20 to B24, further comprising executing a machine learning algorithm to determine the authenticity score.

Example B26 includes an apparatus comprising means for performing the method of any one of Examples B20 to B25.

Example C1 includes a computing system comprising a data storage, a host processor, a plurality of accelerators that are to be divided into a first trust domain and a second trust domain, wherein the plurality of accelerators are to include a graphics processor, and a converged cryptographic engine (CCE) implemented at least partly in one or more of configurable logic or fixed-functionality logic hardware, and a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to partition a plurality of encryption keys between the first trust domain and the second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, and encrypt, with the CCE, data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.

Example C2 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.

Example C3 includes the computing system of example C2, wherein the instructions, when executed, cause the computing system to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.

Example C4 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to block the host processor from accessing the first encryption keys and the second encryption keys.

Example C5 includes the computing system of example C1, wherein the instructions, when executed, cause the computing system to store the encrypted data in the data storage.

Example C6 includes the computing system of any one of examples C1-05, wherein the CCE is be in a memory path between the first and second trust domains and the data storage.

Example C7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to partition a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are to be associated with a plurality of accelerators, and encrypt, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.

Example C8 includes the apparatus of example C7, wherein the logic coupled to the one or more substrates is to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.

Example C9 includes the apparatus of example C8, wherein the logic coupled to the one or more substrates is to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.

Example C10 includes the apparatus of example C7, wherein the logic coupled to the one or more substrates is to block a host processor from accessing the first encryption keys and the second encryption keys.

Example C11 includes the apparatus of example C9, wherein the logic coupled to the one or more substrates is to store the encrypted data in a data storage.

Example C12 includes the apparatus of any one of examples C7 to C11, wherein the CCE is be in a memory path between the first and second trust domains and a data storage.

Example C13 includes the apparatus of any one of examples C7 to C11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example C14 includes At least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to partition a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are to be associated with a plurality of accelerators, and encrypt, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.

Example C15 includes the at least one computer readable storage medium of example C14, wherein the instructions, when executed, cause the computing device to identify, with the CCE, that a first data write is to originate from the first trust domain, and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.

Example C16 includes the at least one computer readable storage medium of example C15, wherein the instructions, when executed, cause the computing device to identify, with the CCE, that a second data write is to originate from the second trust domain, and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.

Example C17 includes the at least one computer readable storage medium of example C16, wherein the instructions, when executed, cause the computing device to block a host processor from accessing the first encryption keys and the second encryption keys.

Example C18 includes the at least one computer readable storage medium of example C14, wherein the instructions, when executed, cause the computing device to store the encrypted data in a data storage.

Example C19 includes the at least one computer readable storage medium of any one of examples C14 to C18, wherein the CCE is be in a memory path between the first and second trust domains and a data storage.

Example C20 includes A method comprising partitioning a plurality of encryption keys between a first trust domain and a second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain, wherein the first and second trust domains are associated with a plurality of accelerators, and encrypt, with a converged cryptographic engine (CCE), data according to the first encryption keys or the second encryption keys based on whether the data originates from the first trust domain or the second trust domain.

Example C21 includes the method of example C20, further comprising identifying, with the CCE, that a first data write originates from the first trust domain, and encrypting, with the CCE, data associated with the first data write with a key of the first encryption keys.

Example C22 includes the method of example C20, further comprising identifying, with the CCE, that a second data write originates from the second trust domain, and encrypting, with the CCE, data associated with the second data write with a key of the second encryption keys.

Example C23 includes the method of example C22, further including blocking a host processor from accessing the first encryption keys and the second encryption keys.

Example C24 includes the method of example C20, further including storing the encrypted data in a data storage.

Example C25 includes the method of any one of examples C20 to C25, wherein the CCE is be in a memory path between the first and second trust domains and a data storage.

Example C26 includes an apparatus comprising means for performing the method of any one of Examples C20 to C25.

Example D1 includes a computing system comprising a host processor, a graphics processor, a memory including a set of instructions, which when executed by one or more of the host processor or the graphics processor, cause the computing system to encrypt, with the host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.

Example D2 includes the computing system of Example D1, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted virtual address based on the first key and the tweak.

Example D3 includes the computing system of Example D2, wherein the instructions, when executed, cause the computing system to identify, with the graphics processor, encrypted data associated with the virtual address.

Example D4 includes the computing system of Example D3, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.

Example D5 includes the computing system of Example D4, wherein the instructions, when executed, cause the computing system to decrypt, with the graphics processor, the encrypted data based on a second key.

Example D6 includes the computing system of any one of Examples D1 to D5, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.

Example D7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to encrypt, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.

Example D8 includes the apparatus of Example D7, wherein the logic coupled to the one or more substrates is to decrypt, with a graphics processor, the encrypted virtual address based on the first key and the tweak.

Example D9 includes the apparatus of Example D8, wherein the logic coupled to the one or more substrates is to identify, with the graphics processor, encrypted data associated with the virtual address.

Example D10 includes the apparatus of Example D9, wherein the logic coupled to the one or more substrates is to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.

Example D1l includes the apparatus of Example D10, wherein the logic coupled to the one or more substrates is to decrypt, with the graphics processor, the encrypted data based on a second key.

Example D12 includes the apparatus of any one of Examples D7 to D11, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.

Example D13 includes the apparatus of any one of Examples D7 to D11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example D14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to encrypt, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and share, with the host processor, the first key and the tweak.

Example D15 includes the at least one computer readable storage medium of Example D14, wherein the instructions, when executed, cause the computing device to decrypt, with a graphics processor, the encrypted virtual address based on the first key and the tweak.

Example D16 includes the at least one computer readable storage medium of Example D15, wherein the instructions, when executed, cause the computing device to identify, with the graphics processor, encrypted data associated with the virtual address.

Example D17 includes the at least one computer readable storage medium of Example 16, wherein the instructions, when executed, cause the computing device to decrypt, with the graphics processor, the encrypted data based on the encrypted virtual address.

Example D18 includes the at least one computer readable storage medium of Example D17, wherein the instructions, when executed, cause the computing device to decrypt, with the graphics processor, the encrypted data based on a second key.

Example D19 includes the at least one computer readable storage medium of any one of Examples D14 to D18, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.

Example D20 includes a method comprising encrypting, with a host processor, a virtual address based on a first key and a tweak, wherein the tweak is one or more fields of the virtual address, and sharing, with the host processor, the first key and the tweak.

Example D21 includes the method of Example D20, further comprising decrypting, with a graphics processor, the encrypted virtual address based on the first key and the tweak.

Example D22 includes the method of Example D21, further comprising identifying, with the graphics processor, encrypted data associated with the virtual address.

Example D23 includes the method of Example D22, further comprising decrypting, with the graphics processor, the encrypted data based on the encrypted virtual address.

Example D24 includes the method of Example D23, further comprising decrypting, with the graphics processor, the encrypted data based on a second key.

Example D25 includes the method of any one of Examples D20 to D24, wherein the one or more fields are to include address bits, a size, a type, a location, an ownership, an access control, and permissions.

Example D26 includes an apparatus comprising means for performing the method of any one of Examples D20 to D25.

Example E1 includes a computing system comprising a graphics processor that includes a plurality of compute engines, a plurality of target environments and root-of-trust (RoT) hardware, a memory including a set of instructions, which when executed by the graphics processor, cause the computing system to transmit, with a first target environment of the plurality of target environments, first key seeds to the compute engines, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.

Example E2 includes the computing system of Example E1, wherein the instructions, when executed, cause the computing system to transmit, with the plurality of target environments, second key seeds to each other.

Example E3 includes the computing system of Example E2, wherein the instructions, when executed, cause the computing system to generate, with the plurality of target environments, unique identity keys based on the second key seeds.

Example E4 includes the computing system of Example E3, wherein the instructions, when executed, cause the computing system to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.

Example E5 includes the computing system of any one of Examples E1 to E4, wherein the instructions, when executed, cause the computing system to generate, with the RoT hardware, a key seed for a second target environment of the plurality of target environments.

Example E6 includes the computing system of Example E5, wherein the instructions, when executed, cause the computing system to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.

Example E7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to transmit, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.

Example E8 includes the apparatus of Example E7, wherein the logic coupled to the one or more substrates is to transmit, with the plurality of target environments, second key seeds to each other.

Example E9 includes the apparatus of Example E8, wherein the logic coupled to the one or more substrates is to generate, with the plurality of target environments, unique identity keys based on the second key seeds.

Example E10 includes the apparatus of Example E9, wherein the logic coupled to the one or more substrates is to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.

Example e11 includes the apparatus of any one of Examples E7 to E10, wherein the logic coupled to the one or more substrates is to generate, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.

Example E12 includes the apparatus of Example E11, wherein the logic coupled to the one or more substrates is to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.

Example E13 includes the apparatus of any one of Examples E7 to E11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example E14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to transmit, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collect claims, with the first target environment, from the compute engines to generate evidence, and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.

Example E15 includes the at least one computer readable storage medium of Example E14, wherein the instructions, when executed, cause the computing device to transmit, with the plurality of target environments, second key seeds to each other.

Example E16 includes the at least one computer readable storage medium of Example E15, wherein the instructions, when executed, cause the computing device to generate, with the plurality of target environments, unique identity keys based on the second key seeds.

Example E17 includes The at least one computer readable storage medium of Example E16, wherein the instructions, when executed, cause the computing device to collect, with the plurality of target environments, claims of the plurality of target environments, and generate evidence for attestation based on the claims of the plurality of target environments.

Example E18 includes the at least one computer readable storage medium of any one of Examples E14 to E17, wherein the instructions, when executed, cause the computing device to generate, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.

Example E19 includes the at least one computer readable storage medium of Example E18, wherein the instructions, when executed, cause the computing device to collect claims, with the RoT hardware, from the second target environment, and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.

Example E20 includes a method comprising transmitting, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor, collecting claims, with the first target environment, from the compute engines to generate evidence, and generating, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.

Example E21 includes the method of Example E20, further comprising transmitting, with the plurality of target environments, second key seeds to each other.

Example E22 includes the method of Example E21, further comprising generating, with the plurality of target environments, unique identity keys based on the second key seeds.

Example E23 includes the method of Example E22, further comprising collecting, with the plurality of target environments, claims of the plurality of target environments, and generating evidence for attestation based on the claims of the plurality of target environments.

Example E24 includes the method of Examples E20 to E23, further comprising generating, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.

Example E25 includes the method of Example E24, further comprising collecting claims, with the RoT hardware, from the second target environment, and generating, with the RoT hardware, evidence based on the claims collected from the second target environment.

Example E26 includes an apparatus comprising means for performing the method of any one of Examples E20 to E25.

Example F1 includes a computing system comprising a host processor to execute a host operating system, a graphics processor, a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of the graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.

Example F2 includes the computing system of Example F1, wherein the instructions, when executed, further cause the one or more of the graphics processor or the host processor to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.

Example F3 includes the computing system of Example F1, wherein the instructions, when executed, further cause the graphics processor to generate the first encryption key.

Example F4 includes the computing system of Example F1, wherein the instructions, when executed, further cause one or more of the graphics processor or the host processor to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on the host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.

Example F5 includes the computing system of Example F4, wherein the instructions, when executed, further cause one or more of the graphics processor or the host processor to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.

Example F6 includes the computing system of any one of Examples F1 to F5, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.

Example F7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.

Example F8 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.

Example F9 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to generate the first encryption key.

Example F10 includes the apparatus of Example F7, wherein the logic coupled to the one or more substrates is to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on a host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.

Example F11 includes the apparatus of Example F10, wherein the logic coupled to the one or more substrates is to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.

Example F12 includes the apparatus of any one of Examples F7 to F11, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.

Example F13 includes the apparatus of any one of Examples F7 to F11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example F14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to generate, with a virtual machine, confidential data to be rendered, encrypt, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, store the encrypted confidential data in a first buffer, and decrypt, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.

Example F15 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to conduct a verification process with a trusted execution environment to prove an identity of the virtual machine, receive, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receive, with the graphics processor, the session key from the trusted execution environment.

Example F16 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to generate the first encryption key.

Example F17 includes the at least one computer readable storage medium of Example F14, wherein the instructions, when executed, cause the computing device to composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more application to be executed on a host operating system, encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is to be different from the first encryption key, and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.

Example F18 includes the at least one computer readable storage medium of Example F17, wherein the instructions, when executed, cause the computing device to in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second encryption key.

Example F19 includes the at least one computer readable storage medium of any one of Examples F14 to F18, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.

Example F20 includes a method comprising generating, with a virtual machine, confidential data that will be rendered, encrypting, with one or more of a graphics processor or the virtual machine, the confidential data according to a first encryption key to generate encrypted confidential data, storing the encrypted confidential data in a first buffer, and decrypting, with the graphics processor, the encrypted confidential data to generate decrypted confidential information.

Example F21 includes the method of Example F20, further comprising conducting a verification process with a trusted execution environment to prove an identity of the virtual machine, receiving, with the virtual machine, a session key from the trusted execution environment, wherein the session key is to be the first encryption key, and receiving, with the graphics processor, the session key from the trusted execution environment.

Example F22 includes the method of Example F20, further comprising generating the first encryption key.

Example F23 includes the method of Example F20, further comprising compositing the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is associated with one or more application to be executed on a host operating system, encrypting the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second encryption key is different from the first encryption key, and storing the encrypted composited confidential and application data in a second buffer that is different than the first buffer.

Example F24 includes the method of Example F23, further comprising in response to an identification that the encrypted composited confidential and application data will be displayed, decrypting the encrypted composited confidential and application data according to the second encryption key.

Example F25 includes the method of any one of Examples F20 to F24, wherein the first encryption key is to be a private symmetric digital rights management (DRM) session key.

Example F26 includes an apparatus comprising means for performing the method of any one of Examples F20 to F25.

Example G1 includes a computing system comprising a non-volatile storage, a host processor, a graphics processor, and a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with the graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from the memory to the non-volatile storage.

Example G2 includes the computing system of Example G1, wherein the instructions, when executed, cause the computing system to increment a global counter in response to an identification that the first data is to be paged-out.

Example G3 includes the computing system of any one of Examples G1 to G2, wherein the instructions, when executed, cause the computing system to generate a message authentication code (MAC) value based on the first data that is to be in the second format.

Example G4 includes the computing system of Example G3, wherein the instructions, when executed, cause the computing system to store the MAC value in a protected memory.

Example G5 includes the computing system of Example G1, wherein the instructions, when executed, cause the computing system to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.

Example G6 includes the computing system of Example G5, wherein the instructions, when executed, cause the computing system to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.

Example G7 includes a semiconductor apparatus comprising one or more substrates, and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with a graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from a memory to a non-volatile storage.

Example G8 includes the apparatus of Example G7, wherein the logic coupled to the one or more substrates is to increment a global counter in response to an identification that the first data is to be paged-out.

Example G9 includes the apparatus of any one of Examples G7 to G8, wherein the logic coupled to the one or more substrates is to generate a message authentication code (MAC) value based on the first data that is to be in the second format.

Example G10 includes the apparatus of Example G9, wherein the logic coupled to the one or more substrates is to store the MAC value in a protected memory.

Example G11 includes the apparatus of Example G7, wherein the logic coupled to the one or more substrates is to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.

Example G12 includes the apparatus of Example G11, wherein the logic coupled to the one or more substrates is to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.

Example G13 includes the apparatus of any one of Examples G7 to G11, wherein the logic coupled to the one or more substrates includes transistor channel regions that are positioned within the one or more substrates.

Example G14 includes at least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format, convert, with a graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format, and page-out the first data, that is to be in the second format, from a memory to a non-volatile storage.

Example G15 includes The at least one computer readable storage medium of Example G14, wherein the instructions, when executed, cause the computing device to increment a global counter in response to an identification that the first data is to be paged-out.

Example G16 includes the at least one computer readable storage medium of any one of Examples G14 to G15, wherein the instructions, when executed, cause the computing device to generate a message authentication code (MAC) value based on the first data that is to be in the second format.

Example G17 includes the at least one computer readable storage medium of Example G16, wherein the instructions, when executed, cause the computing device to store the MAC value in a protected memory.

Example G18 includes the at least one computer readable storage medium of Example G14, wherein the instructions, when executed, cause the computing device to page-in second data from a storage, calculate a message authentication code (MAC) value based on the second data, and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.

Example G19 includes the at least one computer readable storage medium of Example G18, wherein the instructions, when executed, cause the computing device to execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.

Example G20 includes a method comprising identifying that first data is to be in a first format, wherein the first format is a physical address based encryption format, converting, with a graphics processor, the first data from the first format to a second format, wherein the second format is a physical address agnostic encryption format, and paging-out the first data, that is in the second format, from a memory to a non-volatile storage.

Example G21 includes the method of Example G20, further comprising incrementing a global counter in response to an identification that the first data is to be paged-out.

Example G22 includes the method of any one of Examples G20 to G21, further comprising generating a message authentication code (MAC) value based on the first data that is to be in the second format.

Example G23 includes the method of Example G22, further comprising storing the MAC value in a protected memory.

Example G24 includes the method of Example G20, further comprising paging-in second data from a storage, calculating a message authentication code (MAC) value based on the second data, and comparing the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.

Example G25 includes the method of Example G24, further comprising executing one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data, and bypassing one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.

Example G26 includes an apparatus comprising means for performing the method of any one of Examples G20 to G25.

Embodiments are applicable for use with all types of semiconductor integrated circuit (“IC”) chips. Examples of these IC chips include but are not limited to processors, controllers, chipset components, programmable logic arrays (PLAs), memory chips, network chips, systems on chip (SoCs), SSD/NAND controller ASICs, and the like. In addition, in some of the drawings, signal conductor lines are represented with lines. Some may be different, to indicate more constituent signal paths, have a number label, to indicate a number of constituent signal paths, and/or have arrows at one or more ends, to indicate primary information flow direction. This, however, should not be construed in a limiting manner. Rather, such added detail may be used in connection with one or more exemplary embodiments to facilitate easier understanding of a circuit. Any represented signal lines, whether or not having additional information, may actually comprise one or more signals that may travel in multiple directions and may be implemented with any suitable type of signal scheme, e.g., digital or analog lines implemented with differential pairs, optical fiber lines, and/or single-ended lines.

Example sizes/models/values/ranges may have been given, although embodiments are not limited to the same. As manufacturing techniques (e.g., photolithography) mature over time, it is expected that devices of smaller size could be manufactured. In addition, well known power/ground connections to IC chips and other components may or may not be shown within the figures, for simplicity of illustration and discussion, and so as not to obscure certain aspects of the embodiments. Further, arrangements may be shown in block diagram form in order to avoid obscuring embodiments, and also in view of the fact that specifics with respect to implementation of such block diagram arrangements are highly dependent upon the platform within which the embodiment is to be implemented, i.e., such specifics should be well within purview of one skilled in the art. Where specific details (e.g., circuits) are set forth in order to describe example embodiments, it should be apparent to one skilled in the art that embodiments can be practiced without, or with variation of, these specific details. The description is thus to be regarded as illustrative instead of limiting.

The term “coupled” may be used herein to refer to any type of relationship, direct or indirect, between the components in question, and may apply to electrical, mechanical, fluid, optical, electromagnetic, electromechanical or other connections. In addition, the terms “first”, “second”, etc. may be used herein only to facilitate discussion, and carry no particular temporal or chronological significance unless otherwise indicated.

As used in this application and in the claims, a list of items joined by the term “one or more of” may mean any combination of the listed terms. For example, the phrase “one or more of A, B, and C” and the phrase “one or more of A, B, or C” both may mean A; B; C; A and B; A and C; B and C; or A, B and C.

Those skilled in the art will appreciate from the foregoing description that the broad techniques of the embodiments can be implemented in a variety of forms. Therefore, while the embodiments have been described in connection with particular examples thereof, the true scope of the embodiments should not be so limited since other modifications will become apparent to the skilled practitioner upon a study of the drawings, specification, and following claims. 

We claim:
 1. A graphics processor comprising: one or more substrates; and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to: identify confidential data to be rendered, wherein the confidential data is to be associated with a virtual machine; encrypt the confidential data according to a first encryption key to generate encrypted confidential data; cause the encrypted confidential data to be stored in a first buffer; and decrypt the encrypted confidential data to generate decrypted confidential information.
 2. The graphics processor of claim 1, wherein the logic coupled to the one or more substrates is to: receive the first encryption key from a trusted execution environment.
 3. The graphics processor of claim 2, wherein first encryption key is to be a private symmetric digital rights management (DRM) session key.
 4. The graphics processor of claim 1, wherein the logic coupled to the one or more substrates is to: generate the first encryption key.
 5. The graphics processor of claim 1, wherein the logic coupled to the one or more substrates is to: composite the decrypted confidential data with application data to generate composited confidential and application data, wherein the application data is to be associated with one or more applications to be executed on a host operating system; encrypt the composited confidential and application data according to a second encryption key to generate encrypted composited confidential and application data, wherein the second key is to be different from the first key; and store the encrypted composited confidential and application data in a second buffer that is to be different than the first buffer.
 6. The graphics processor of claim 5, wherein the logic coupled to the one or more substrates is to: in response to an identification that the encrypted composited confidential and application data is to be displayed, decrypt the encrypted composited confidential and application data according to the second key.
 7. A semiconductor apparatus comprising: one or more substrates; and logic coupled to the one or more substrates, wherein the logic is implemented in one or more of configurable logic or fixed-functionality hardware logic, the logic coupled to the one or more substrates to: transmit, with a first target environment of a plurality of target environments of a graphics processor, first key seeds to compute engines of the graphics processor; collect claims, with the first target environment, from the compute engines to generate evidence; and generate, with the compute engines, unique identity keys for each of the compute engines based on the first key seeds.
 8. The apparatus of claim 7, wherein the logic coupled to the one or more substrates is to: transmit, with the plurality of target environments, second key seeds to each other.
 9. The apparatus of claim 8, wherein the logic coupled to the one or more substrates is to: generate, with the plurality of target environments, unique identity keys based on the second key seeds.
 10. The apparatus of claim 9, wherein the logic coupled to the one or more substrates is to: collect, with the plurality of target environments, claims of the plurality of target environments; and generate evidence for attestation based on the claims of the plurality of target environments.
 11. The apparatus of any one of claim 7, wherein the logic coupled to the one or more substrates is to: generate, with a RoT hardware of the graphics processor, a key seed for a second target environment of the plurality of target environments.
 12. The apparatus of claim 11, wherein the logic coupled to the one or more substrates is to: collect claims, with the RoT hardware, from the second target environment; and generate, with the RoT hardware, evidence based on the claims collected from the second target environment.
 13. At least one computer readable storage medium comprising a set of instructions, which when executed by a computing device, cause the computing device to: identify that first data is to be in a first format, wherein the first format is to be a physical address based encryption format; convert, with a graphics processor, the first data from the first format to a second format, wherein the second format is to be a physical address agnostic encryption format; and page-out the first data, that is to be in the second format, from a memory to a non-volatile storage.
 14. The at least one computer readable storage medium of claim 13, wherein the instructions, when executed, cause the computing device to: increment a global counter in response to an identification that the first data is to be paged-out.
 15. The at least one computer readable storage medium of claim 13, wherein the instructions, when executed, cause the computing device to: generate a message authentication code (MAC) value based on the first data that is to be in the second format.
 16. The at least one computer readable storage medium of claim 15, wherein the instructions, when executed, cause the computing device to: store the MAC value in a protected memory.
 17. The at least one computer readable storage medium of claim 13, wherein the instructions, when executed, cause the computing device to: page-in second data from a storage; calculate a message authentication code (MAC) value based on the second data; and compare the MAC value of the second data to a MAC value of the first data to determine whether the second data is to correspond to the first data.
 18. The at least one computer readable storage medium of claim 17, wherein the instructions, when executed, cause the computing device to: execute one or more operations based on the second data when the MAC value of the second data being the same as the MAC value of the first data; and bypass one or more operations based on the second data when the MAC value of the second data being dissimilar from the MAC value of the first data.
 19. A computing system comprising: a data storage; a host processor; a plurality of accelerators that are to be divided into a first trust domain and a second trust domain, wherein the plurality of accelerators are to include a graphics processor; and a converged cryptographic engine (CCE) implemented at least partly in one or more of configurable logic or fixed-functionality logic hardware; and a memory including a set of instructions, which when executed by one or more of the graphics processor or the host processor, cause the computing system to: partition a plurality of encryption keys between the first trust domain and the second trust domain so that first encryption keys of the plurality of encryption keys are assigned to the first trust domain, and second encryption keys of the plurality of encryption keys are assigned to the second trust domain; and encrypt, with the CCE, data according to the first encryption keys or the second encryption keys based on whether the data is to originate from the first trust domain or the second trust domain.
 20. The computing system of claim 19, wherein the instructions, when executed, cause the computing system to: identify, with the CCE, that a first data write is to originate from the first trust domain; and encrypt, with the CCE, data associated with the first data write with a key of the first encryption keys.
 21. The computing system of claim 20, wherein the instructions, when executed, cause the computing system to: identify, with the CCE, that a second data write is to originate from the second trust domain; and encrypt, with the CCE, data associated with the second data write with a key of the second encryption keys.
 22. The computing system of claim 19, wherein the instructions, when executed, cause the computing system to: block the host processor from accessing the first encryption keys and the second encryption keys.
 23. The computing system of claim 19, wherein the instructions, when executed, cause the computing system to: store the encrypted data in the data storage.
 24. The computing system of claim 19, wherein the CCE is be in a memory path between the first and second trust domains and the data storage. 